Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their ProtonMail accounts, which the journalists and the email provider say failed.
“But once more, Bellingcat finds itself targeted by cyber attacks, nearly definitely linked to our work on Russia,” wrote Eliot Higgins, founder of the investigative news site, in a tweet. “I suppose one way to measure our impact is how often agents of the Russian Federation try to attack it, be it their hackers, trolls, or media.”
News emerged that a small number of ProtonMail email accounts were targeted this week, several of which belonged to Bellingcat’s researchers who work on projects related to activities by the Russian government. A phishing email purportedly from ProtonMail itself asked users to change their email account passwords or generate new encryption keys through a similarly named domain set up by the attackers. Records show the fake site was registered anonymously, according to an analysis by security researchers.
In a statement, ProtonMail said the phishing attacks “didn’t succeed” and denied that its systems or user accounts had been hacked or compromised.
“The most practical way to obtain email data from a ProtonMail user’s inbox is by compromising the user, as opposed to trying to compromise the service itself,” said ProtonMail’s chief executive Andy Yen. “For this reason, the attackers opted for a phishing campaign that targeted the journalists directly.”
Yen said the attackers tried to exploit an unpatched flaw in third-party software used by ProtonMail, which has yet to be fixed or disclosed by the software maker.
“This vulnerability, however, isn’t widely known and indicates a higher level of sophistication on the part of the attackers,” said Yen.
It’s not known conclusively who was behind the attack. However, both Bellingcat and ProtonMail said they believe certain tactics and indicators of the attack may point to hackers associated with the Russian government. For instance, the attack’s targets were Bellingcat’s researchers working on the ongoing investigation into the downing of flight MH17 by Russian forces and the use of a nerve agent in a targeted killing in the U.K.
Higgins said in a tweet that this week’s attempted attack likely targeted “in the tens” of people, unlike earlier attacks attributed to the Russian government-backed hacker group known as APT 28 or Fancy Bear.
Bellingcat in the past year has gained critical acclaim for its investigations into the Russian government, uncovering the names of the alleged Russian operatives behind the suspected missile attack that blew up Malaysian airliner MH17 in 2014. The research team also discovered the names of the Russian operatives who have since been accused of poisoning former Russian intelligence agent Sergei Skripal and his daughter Yulia in a nerve agent attack in Salisbury, U.K. in 2018.
The researchers use open-source intelligence and information gathering where police, law enforcement and intelligence agencies often fail.
It’s not the first time that hackers have targeted Bellingcat. Its researchers were targeted several times in 2016 and 2017 following the breach at the Democratic National Committee, which saw thousands of internal emails stolen and published online.
A phone call to the Russian consulate in New York requesting comment was not returned.