From Russia with Arrest: Fake Russia News Websites Targeting Informants

This Russia news blog will walk you through how Russia catches and arrests citizens sympathetic to Ukraine using phishing schemes.

Preface

These days, the hottest Russia news is almost always related to war. As many of you know, though, Russia is a pretty special country in and of itself – so much so that searching for specific information alone can be enough to land you in prison.

Phishing in Russia News

The threat research company Silent Push has found some Russia news-linked domains that also act as phishing websites. Those websites aim to spoof websites related to Ukrainian intelligence, the U.S. Central Intelligence Agency (CIA), and other entities, and the operators of those websites are said to be… surprise-surprise! The Russian government.

Yes, you’ve heard that right – those Russia news websites are operated by the Russian government itself to catch citizens who search for organizations and networks that Russia considers to be its “enemies”, and the threat intelligence firm Silent Push believes this to be the work of the Russian government or at least some state-sponsored entity.

Russia News Impersonation Campaign

According to multiple sources, this Russia news campaign consists of the following websites, amongst others:

  • Websites impersonating Ukrainian intelligence and the CIA
  • Websites impersonating the Russian volunteer corps
  • Websites impersonating the Russian Legion of Liberty or LSR (a Ukrainian-based paramilitary unit consisting of Russian citizens that opposes the Russian regime and the Russian invasion of Ukraine) – the legion is designated as a “terrorist organization” in Russia
  • The “I want to Live” appeals hotline initiative for Russian troops in Ukraine

It isn’t far-fetched to say that other websites and/or apps may be added to the Russia news campaign in the future, too.

Since any and all anti-war actions in the Russian Federation are deemed to be illegal, citizens participating in them or even searching for such information online are regularly arrested. According to some sources on the web, the Russian Legion of Liberty has even made a post on X reminding everyone that they shouldn’t be fooled by fakes and that they should “not fall into the traps of the security forces of the Putin regime.”

According to the threat intelligence company Silent Push, the majority of the websites within this campaign seemingly have one objective: they all ask for a lot of personal information from visitors – information that then, presumably, is forwarded to actors working for the Russian state.

Who Hosts the Malicious Russia News Campaign?

According to Silent Push, the Russia news campaign is hosted by the bulletproof hosting provider “Nybula LLC.” Silent Push has allegedly determined that the phishing pages related to the Russia news campaign are designed to accomplish two goals of interest to the Russian Federation:

  1. Identify individuals who may be gullible enough to visit such websites and possibly log their IP addresses and other information related to their computers.
  2. Ask them to submit their personal information to the Russia news campaign – personal information of this nature would then supposedly reach someone affiliated with the Russian government.

Silent Push says that this Russia news campaign is persistent and has a long-term goal of targeting Ukrainian entities, Russians willing to collaborate with Ukraine, and Russian-speaking informants. One such website – Rusvolcorps[.]net – is shown below:

a Website Impersonating the Russian Volunteer Corps

What Now?

It is worth noting that users visiting such websites will see a phishing warning that looks like this:

Russia News? Initial Phishing Warning by Google Chrome

Regardless, some time passed before this warning came into effect, meaning that Russian citizens sympathetic to Ukraine or potential Russian informants could have provided some information to the Russian government instead of the organizations they were trying to reach.

Such websites still exist and, presumably, will exist as long as the war in Ukraine goes on. And since some of these organizations are declared “terrorist organizations” in the Russian Federation with real prison terms of up to 20 years, the consequences can be serious, too – if you do use such websites, make sure to double-check the structure of the domains you’re visiting:

Arrests for Visiting Russia News Phishing Websites by the Russian Government

Protecting Yourself from Fakes

Visiting fake Russia news websites could get you imprisoned – and while using unsafe passwords online doesn’t come with a prison term, it sure comes with some pain once attackers find that you’ve reused the same password on multiple online services.

Avoid using the same password for multiple accounts – switch to a password manager if necessary, and make good use of data breach search engines such as the one available on BreachDirectory.com:

BreachDirectory

BreachDirectory also comes with a BreachDirectory API should you want to integrate the data available in the data breach search engine into your own system for your use case.

If you find the API complex or don’t have a use case for it as you’re not a developer, make sure to subscribe to data breach notifications – data breach notifications provided by BreachDirectory.com will alert you about the status of your online accounts every month, ensuring you always know when your online accounts are at risk of identity theft.

Summary

Russia has created loads of fake Russia news websites aiming to entice citizens sympathetic to Ukraine to connect and contact those organizations – the catch is, instead of contacting those organizations, those citizens will likely be contacting the Russian government and be arrested as a result.

If you find yourself visiting or using such websites, make sure to check official announcements and triple-check the domains of the websites you find yourself visiting. Failure to do so could result in very serious consequences.

FAQ

Why Are There So Many Fake Russia News Websites?

Fake Russia news websites started popping up as a result of the war in Ukraine. Often, the goal of such fake websites is to elicit information about the visitors for the Russian government, which then might arrest them.

How Do I Make Sure the Websites I’m Visiting Are Real?

To ensure that the websites you visit are real and not associated with phishing scams, look for the “Dangerous” sign next to the URL if you’re using Chrome, be wary of phishing alerts, and stay alert when browsing the web.

Why Should I Register for Data Breach Notifications on BreachDirectory.com?

Consider registering for data breach notifications on BreachDirectory.com to be informed whether your account is at risk of identity theft – users registered for data breach notifications receive monthly emails telling them whether or not their account is at risk of identity theft.
