In early November 2024, an employee of the European Values Center for Security Policy (EVC) received an e-mail from a long-term partner organization, the Free Russia Foundation, a non-profit organization of Russian dissent based in the United States.
The e-mail appeared to be a regular communication between partners, offering to share a document on request. The recipient cross-checked the e-mail address, which seemed suspicious, and it turned out to be fake. EVC reported the case to the Computer Emergency Response Team (GovCERT) of the Czech National Cyber and Information Security Agency (NÚKIB) and, after consultation, replied to the sender in order to receive the e-mail attachment for further investigation. EVC then provided the suspicious document to NÚKIB.
After the investigation, NÚKIB informed EVC that this spear-phishing operation shows similarities to, and is probably linked to, the cyber offensive group called COLDRIVER (also known as Star Blizzard or Callisto Group), which The Citizen Lab associated with the Russian counter-intelligence agency (FSB), aiming to gather log-in passwords from selected targets.