This campaign, which Canada’s Citizen Lab has investigated in collaboration with Access Now and with the participation of numerous civil society organizations including First Department, Arjuna Team, and RESIDENT.ngo, engages targets with personalized and highly-plausible social engineering in an attempt to gain access to their online accounts.

The researchers attribute this campaign to COLDRIVER (also known as Star Blizzard, Callisto and other designations). This threat actor is attributed to the Russian Federal Security Service (FSB) by multiple governments.

They identified a second threat actor targeting similar communities, whom we name COLDWASTREL. We assess that this actor is distinct from COLDRIVER, and that the targeting that we have observed aligns with the interests of the Russian government.

  • kbal@fedia.io
    25 days ago

    The URL to which the target is redirected is typically a webpage crafted by the attacker to look like a genuine login page for the target’s email service

    DO NOT enter your password after clicking on a link you got in an email, or an emailed pdf, or an emailed word document, or a link you got in telegram, or a strange url that came to you in a dream, or anything else like that. Why is it so difficult to get people to remember this?