Close Menu
Cybercrime and Ransomware

Hackers Target Reporters Without Borders

Staff WriterBy No Comments4 Mins Read0 Views

Fast Facts

  1. The Russia-linked Star Blizzard APT targeted Reporters Without Borders in March with phishing emails, using spoofed contacts and thematic lures like peace negotiations to facilitate attacks.
  2. They employed sophisticated techniques including compromised websites, inaccessible PDF files, and the use of a custom phishing kit designed to target ProtonMail accounts, specifically aiming to intercept two-factor authentication.
  3. The malware tools involve injected malicious JavaScript through an adversary-in-the-middle (AiTM) technique, which pre-fills login details and intercepts credentials via a modified ProtonMail sign-in page.
  4. Star Blizzard, active since 2019 and linked to Russia’s FSB in 2023, continues spear-phishing campaigns targeting NGOs, government entities, and researchers, especially those involved with Ukraine, using increasingly advanced tactics.

What’s the Problem?

Earlier this year, the Russian-linked hacking group known as Star Blizzard targeted the French press freedom organization, Reporters Without Borders (RSF), through a sophisticated phishing campaign. Sekoia reports that this attack took place in March, involving emails crafted in both French and English. The hackers used social engineering tactics, including spoofed contacts and peace negotiation themes, to trick RSF members into engaging with malicious links. Notably, one email lied about sending a document but did not attach it, instead waiting for a reply before offering a compromised link to a PDF, which ProtonMail subsequently blocked. These tactics reveal the group’s effort to infiltrate secured accounts, especially ProtonMail, by injecting malicious scripts into sign-in pages using a technique called adversary-in-the-middle (AiTM).

Furthermore, Star Blizzard launched another attack targeting different organizations, employing ZIP archives that mimicked encrypted PDFs, aiming to steal credentials. These attacks stem from a broader pattern of spear-phishing using the ClickFix technique, which has been a hallmark of the group since 2019. The threat actor, believed to be connected to Russia’s Federal Security Service (FSB), primarily targets NGOs, government bodies, and researchers—especially those involved in Ukraine or with intelligence on related conflicts. The US government has publicly linked Star Blizzard to malicious activities, including the deployment of malware like LostKeys, emphasizing the group’s persistent and evolving efforts to compromise sensitive information and leadership in geopolitical conflicts.

What’s at Stake?

The issue of reporters without borders being targeted by Russian hackers highlights a serious threat that can equally affect your business. If hackers target your digital infrastructure, your sensitive data, customer information, and intellectual property risk exposure. Consequently, this can lead to financial loss, reputational damage, and legal consequences. Moreover, disruptions from cyberattacks may halt operations and erode stakeholder trust. Therefore, just as reports indicate, no business is immune—cyber threats are increasingly sophisticated, and the consequences can be severe. In essence, proactive security measures are essential to safeguard your assets, ensure continuity, and protect your reputation against similar threats.

Fix & Mitigation

In the fast-evolving landscape of cyber threats, timely remediation is crucial to limit damage, protect sensitive information, and maintain trust. For organizations like Reporters Without Borders targeted by Russian hackers, swift action can mean the difference between containment and catastrophic breach.

Containment Strategies
Immediately isolate affected systems from the network to prevent further intrusion or lateral movement by attackers.

Incident Response
Activate a trained incident response team to evaluate the scope and impact of the breach, gather forensic evidence, and determine the attack vector.

Communication Protocols
Notify key stakeholders, including internal leadership and external partners, while complying with legal and regulatory reporting obligations.

Vulnerability Mitigation
Identify and patch exploited vulnerabilities, such as outdated software or insecure configurations, to prevent re-entry by adversaries.

Account and Access Control
Change compromised credentials, enforce multi-factor authentication, and review access permissions to reduce attacker foothold.

Monitoring and Detection
Enhance security monitoring systems to detect ongoing malicious activity and abnormal behavior within the network.

Recovery and Restoration
Restore affected systems from secure backups, verify their integrity, and incrementally bring them back online once deemed safe.

Post-Incident Review
Analyze the incident to improve security measures, update response plans, and train staff to recognize and prevent future attacks.

Continue Your Cyber Journey

Discover cutting-edge developments in Emerging Tech and industry Insights.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.