By Zeba Siddiqui

Aug 14 (Reuters) — Hackers linked to Russian
intelligence are targeting the Kremlin’s critics around the
globe with phishing emails, according to new research published
on Wednesday by digital rights groups Citizen Lab and Access
Now.

The phishing campaign is part of a sweeping internet
espionage operation, the researchers say, and comes as U.S.
officials are closely monitoring computer networks to thwart any
cyberattacks against the 2024 presidential election.

The email hacks began around 2022 and have targeted
prominent Russian opposition figures-in-exile, former U.S. think
tank and policy officials and academics, U.S. and EU nonprofit
staff, as well as media organizations, the report said.

Some of those targeted were still in Russia, “placing them
at considerable risk,” the researchers said, adding that the
victims may have been selected to try to gain access to their
extensive networks of contacts.

While phishing is a common hacking technique, a hallmark of
this operation was that the malicious emails often impersonated
people known to the victims, making them seem more authentic.

Citizen Lab attributed the hacking to two groups: the
prominent Russian hacking outfit Cold River, which Western
intelligence and security officials have linked to Russia’s
Federal Security Service (FSB), and a new group dubbed
Coldwastrel, which appeared to support Russian intelligence.

The Russian embassy in Washington did not respond to a
request for comment. Russia has consistently denied allegations
of hacking during past incidents linked to Cold River.

One of the victims of the hacking operation was a former
U.S. ambassador to Ukraine, who was targeted with a “credible
effort” impersonating a fellow former ambassador known to him,
according to the report, which didn’t name the person.

The booby-trap emails usually had an attached PDF that
solicited a click to decrypt. That click took the target to a
website resembling the Gmail or ProtonMail login pages, where if
they entered their credentials, the hackers would be able to
access their accounts and mailing lists.

Some of those targeted by the campaign fell for it, said
Dmitry Zair-Bek, who heads the Russian rights group First
Department, which was also involved in the research.

“This attack is not really complicated, but it’s no less
effective, because you do not expect a phishing email from your
colleague,” Zair-Bek told Reuters.

The total number of people targeted was in the double
digits, and most were hit this year, he added, without
elaborating.

Citizen Lab said the targets had extensive networks of
contacts within sensitive communities, including high-risk
individuals within Russia.

“For some, successful compromise could result in extremely
serious consequences, such as imprisonment,” it said.

Cold River has emerged as one of the most prolific Russian
hacking groups since it first appeared on the radar of
intelligence officials in 2016.

It has escalated its hacking campaign against Kyiv’s allies
following Russia’s invasion of Ukraine, and some of its members
were sanctioned by U.S. and British officials in December.

(Reporting by Zeba Siddiqui; Editing by Crispian Balmer)