Russian hackers target Kremlin critics globally
Research reveals a widespread cyber espionage campaign targeting Kremlin critics and Western figures.
Hackers connected to Russian intelligence have been targeting Kremlin critics worldwide through phishing emails, as revealed by research from Citizen Lab and Access Now. The cyberattacks, which began in 2022, have affected Russian opposition figures in exile, former US officials, and EU non-profits, among others. These attacks are part of a broader internet espionage operation aimed at accessing sensitive networks and contacts.
A key feature of the campaign is the use of malicious emails that appear to come from known contacts, making them particularly deceptive. Victims include a former US ambassador to Ukraine, who received an email impersonating a colleague. Many of those targeted fell for the scam, which led them to fake login pages designed to steal their credentials.
The hacking groups behind the attacks, identified as Cold River and Coldwastrel, have been linked to Russia’s Federal Security Service (FSB). Cold River, known for its prolific activity since 2016, has intensified its efforts against Kyiv’s allies since the invasion of Ukraine. Some of its members have faced sanctions from the US and Britain.
Citizen Lab warns that the consequences of these cyberattacks could be severe, particularly for those still in Russia, where successful breaches could lead to imprisonment. Despite the serious implications, the Russian embassy has not commented on the allegations, continuing to deny involvement in previous hacking incidents.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.