
Mailprotonmailsystems (June and July)

Based on an iterative technique termed “timestamp pivoting”, cyber-threat consultancy ThreatConnect were able to identify a further 6 domains registered by the same actor group. Bellingcat has identified five different domains that were used between April 26 and Jwhen our initial reporting led to a closure of the offending websites. The active, publicly traceable phase of the phishing operation began in early April, when the perpetrators registered 11 domains intended to impersonate ProtonMail mail-hosting sites. Contrary to previous reporting, we have identified that at least some of the phishing attempts have been successful.

Bellingcat believes that this phishing campaign formed a stage of a larger ongoing hacking operation against Russia-focused journalists and researchers, with various methods and tools – some of them without precedent – being deployed against a range of targets both within Russia and abroad. The one common denominator among them is the Russian focus of their research or activist work. The target list of over 30 individuals using the end-to-end encrypted ProtonMail email service includes journalists, researchers, academics, employees of NGOs, and political activists. Bellingcat has identified dozens of targeted individuals across Europe and the US, with the earliest reported attack dating back to April 24 2019, and some evidence suggesting the campaign was in the works since as early as March 2018. A sophisticated phishing campaign targeting Bellingcat and other Russia-focused journalists has been much larger in scope than previously thought, and has lasted at least several months.
