Russian Phishing Campaigns Target Civil Society

A series of sophisticated phishing attacks, reportedly backed by Russian intelligence, have targeted Russian and Belarusian non-profits, independent media, and international NGOs, including former U.S. ambassador Steven Pifer. Identified groups, Coldriver and a newly named Coldwastrel, have utilized social engineering tactics to deceive targets into revealing their login credentials through emails that impersonate known contacts. Victims have faced significant risks, especially those involved in human rights advocacy, as the attackers' focus appears to be on gaining unauthorized access rather than deploying malware. This campaign has been active since at least 2022 and reflects a broader pattern of state-sponsored cyberattacks aimed at undermining critics of the Kremlin. Security researchers have advised heightened caution when handling unsolicited emails, particularly those requesting document reviews. U.S. officials are monitoring these developments closely, especially in light of upcoming elections.