In a sophisticated cyber espionage campaign recently uncovered, Russian hackers have been impersonating the U.S. Central Intelligence Agency (CIA) and other organizations to harvest sensitive information from Ukrainian sympathizers and potential Russian defectors. Silent Push threat researchers identified the operation, revealing it consists of four major phishing clusters impersonating not only the CIA but also the Russian Volunteer Corps, Legion Liberty, and “Hochuzhit” (an appeals hotline for Russian service members in Ukraine operated by the Defense Intelligence of Ukraine).

The operation uses carefully crafted phishing websites that mimic legitimate organizations, creating convincing facades to trick victims into divulging personal information. By creating nearly identical replicas of trusted websites with only subtle differences in domain names, the attackers have established an effective method for collecting sensitive data from unsuspecting victims. For example, instead of using the legitimate CIA domain (cia.gov), they registered domains like “ciagov.icu” and “ciacontactru.com” to fool victims. Similar tactics were used across all targeted organizations, with domains like “legionliberty.top” mimicking the legitimate “legionliberty.army” site. The attackers created convincing replicas of legitimate forms, using Google Forms in many cases to collect personal information from victims.

This infrastructure connectivity helped analysts link the seemingly disparate phishing clusters to a single coordinated operation targeting Ukrainian defense intelligence channels.
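The domain pattern described above can be checked mechanically when triaging links. The following is an added example, not code from Silent Push or the article; the function names, the brand table, and the sample hosts other than the domains quoted in the article are assumptions constructed for illustration.

```python
import re

# Legitimate domains named in the article, each mapped to the brand token
# an imitation domain tends to reuse (this table is an assumption).
LEGIT = {
    "cia.gov": "cia",
    "legionliberty.army": "legionliberty",
}


def host_of(value: str) -> str:
    """Reduce a URL or bare hostname to a lowercase hostname."""
    value = value.strip().lower()
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)   # drop scheme
    value = re.split(r"[/?#]", value, maxsplit=1)[0]      # drop path, query, fragment
    value = value.rsplit("@", 1)[-1]                      # drop userinfo
    value = value.split(":", 1)[0]                        # drop port
    return value.rstrip(".")


def classify(value: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL or hostname."""
    host = host_of(value)
    # 1. Exact domain or a true subdomain of it is legitimate.
    for legit in LEGIT:
        if host == legit or host.endswith("." + legit):
            return "legitimate"
    labels = host.split(".")
    squashed = re.sub(r"[^a-z0-9]", "", host)
    for legit, token in LEGIT.items():
        # 2. The real domain with its dots removed appears in the host,
        #    e.g. "ciagov" inside "ciagov.icu".
        if re.sub(r"[^a-z0-9]", "", legit) in squashed:
            return "lookalike"
        # 3. A label starts with the brand token, e.g. "ciacontactru" or
        #    "legionliberty" under another TLD. Prefix matching on a short
        #    token is noisy, so treat a hit as a lead for review, not a verdict.
        if any(label.startswith(token) for label in labels):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Domains from the article plus constructed samples.
    for sample in ("https://www.cia.gov/contact", "ciagov.icu", "ciacontactru.com",
                   "legionliberty.top", "cia.gov.example.net", "example.org"):
        print(f"{sample:32} {classify(sample)}")
```
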
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 28 Mar 2025 14:30:04 +0000