Both kinds of attacks were highly tailored to better deceive members of the target organizations. The most common attack pattern we observed was an email sent either from a compromised account or from an account appearing similar to the real account of someone the victim may have known.
River of Phish involves the use of personalized and highly-plausible social engineering tactics to trick victims into clicking on an embedded link in a PDF lure document, which redirects them to a credential harvesting page, but not before fingerprinting the infected hosts.
We believe this was intentional, and intended to increase the credibility of the communication, reduce the risk of detection, and sell the attack.
The campaign has targeted Russian and Belarusian non-profit organizations, independent media, and opposition figures in exile, showcasing a calculated approach that reveals the stakes of information security.
[
Collection
]
[
|
...
]