From phishing to false documents, researchers detail a cyberespionage campaign that points to Russia


Researchers at the University of Toronto’s Citizen Lab have found new evidence of a global espionage campaign involving email phishing attacks and leaked falsified documents.

The campaign’s targets spanned government, industry, military, and civil society groups, each with ties to Russia or Russian interests. Although there is no “smoking gun,” so to speak, there is overlap with previously reported Russian espionage activities, a report released Thursday suggests — in particular, the work of a Russian-backed hacking group known as APT-28, or Fancy Bear.

Notably, Citizen Lab’s researchers say “an identical approach” to the phishing campaign described in their report was used in a March 2016 attack targeting Hillary Clinton’s presidential campaign and the Democratic National Committee.

The report focuses in part on what the authors have termed “tainted leaks,” or the act of leaking stolen documents that are otherwise authentic, but have been manipulated in certain parts to achieve a particular goal — in this case, a political one.

Starting with the successful phishing attack against American journalist David Satter — who has reported on Russia for decades, and whose emails were selectively altered and published online — Citizen Lab’s researchers believe the same actor had targeted another 218 distinct users spanning 39 countries.

The targets span members of government — including “a former Russian prime minister, members of cabinets from Europe and Eurasia, ambassadors, high ranking military officers, CEOs of energy companies” — but also members of civil society organizations, such as academics, activists, journalists and employees of non-governmental organizations that have been critical of the Russian government or investigated its activities.

“While we have no ‘smoking gun’ that provides decisive proof linking what we discovered to a particular government agency (a common challenge in open source investigations like ours), our report nonetheless gives clear evidence of overlap with what has been publicly reported by numerous industry and government reports about Russian cyber espionage,” wrote Citizen Lab director Ron Deibert in a blog post accompanying the report.

Fancy Bear

U.S. intelligence officials believe Russian-backed groups conducted a series of cyberespionage campaigns throughout 2015 and 2016 in an attempt to interfere with and potentially influence the outcome of last year’s presidential election.

One group in particular was referenced frequently in coverage of the attacks: APT-28, sometimes referred to by the moniker Fancy Bear. It is believed that the group is backed by a nation state, if not a nation state itself — namely, Russia.

While Citizen Lab’s researchers could not establish a “conclusive technical link” between their findings and Fancy Bear, they identified a number of similarities with the group’s prior campaigns.

For example, some of the domain names used in the campaign Citizen Lab found bear a striking similarity to a Fancy Bear-linked phishing operation identified by the cybersecurity research firm Mandiant last year. There are also similarities with the methods used to break into the email account of Clinton’s campaign chairman John Podesta — suggesting, at the very least, that two separate actors are sharing the same code.

Tainted Leaks

Civil society groups are particularly rich targets for cyber espionage operations, as they tend to lack the resources of larger or better funded groups to deal with digital attacks. Of note, the researchers say that 21% of those targeted in the campaign they studied were activists, academics, journalists, and NGOs — the second largest set after government targets.

“Many of the civil society targets seem to have been singled out for the perception that their activities could pose a threat to the Putin regime,” the report reads.

In the case of journalist David Satter, leaked documents were selectively altered in such a way that the majority remained authentic, but misinformation was seeded throughout, in an attempt to lend legitimacy to otherwise false information. The researchers compared Satter’s case with that of a prior attack on the grantmaking organization Open Society Foundations (OSF).

For example, one document was modified “to make Satter appear to be paying Russian journalists and anti-corruption activists to write stories critical of the Russian Government,” the report reads. In the other case, modifications were made to records detailing an OSF budget and funding strategies to make it appear as if the U.S.-based group was sponsoring Russian opposition leader Alexei Navalny’s Anti-Corruption Foundation.

More recently, falsified documents appeared in a trove of documents taken from staff on French President Emmanuel Macron’s election campaign.

The report concludes that such tainted leaks, described as “fakes in a forest of facts,” “test the limits of how media, citizen journalism, and social media users handle fact checking, and the amplification of enticing, but questionable news.”
