
Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe

Published 14/08/2024 15:04 · Modified 14/08/2024 15:45


Essential information

Tags
2024-08-14 captcha coldwastrel javascript pdf phishing
Related entities
28 observables, 1 intrusion sets (apt), 12 techniques (mitre), 4 others

Description

An extensive investigation uncovered an elaborate campaign conducted by a Russia-based threat actor known as COLDRIVER, attributed to Russia's Federal Security Service. The campaign employed personalized social engineering tactics to target civil society groups, NGOs, journalists, and government entities perceived as adversaries. A separate threat actor called , potentially aligned with Russian interests, was also identified employing similar techniques. The report details the intricate methods used, including impersonating known individuals, crafting credible lures, and harvesting credentials for account takeovers, underscoring the persistent threats facing civil society from state-backed cyber operations.

External references