A series of phishing scams targeting Russians searching online for anti-Kremlin organizations have raised concerns about potential repercussions, including imprisonment and even death. These phishing campaigns, designed to collect personal information from unsuspecting individuals, mimic the recruitment websites of Ukrainian paramilitary groups and government intelligence sites.
Researchers at security firm Silent Push have identified a network of phishing domains that spoof legitimate websites of Ukrainian paramilitary groups. One such website, legiohliberty[.]army, impersonates the Freedom of Russia Legion, a Ukrainian-based paramilitary unit composed of Russian citizens who oppose Vladimir Putin and his actions in Ukraine. The fake version of the website prompts visitors to fill out a Google Form with personal details such as name, gender, age, email address, country, political views, and motivations for joining.
The implications of participating in anti-war activities against the Russian government are severe, as citizens can face arrest and imprisonment. Silent Push suspects that the phishing campaign is either linked to Russian Intelligence Services or a threat actor with similar motives. The connection between the fake Legion Liberty site and rusvolcorps[.]net, which mimics the recruitment page for the Russian Volunteer Corps, further underscores the coordinated effort to gather sensitive information.
Other domains identified in the phishing scheme include ciagov[.]icu, which mirrors the official website of the U.S. Central Intelligence Agency, and hochuzhitlife[.]com, which spoofs the Ministry of Defense of Ukraine & General Directorate of Intelligence. These domains, while not promoted via email, appear to be strategically placed in search engine results to lure individuals seeking information on anti-Putin organizations.
Security researcher Artem Tamoian has raised concerns about the prevalence of these phishing sites, which often rank higher in search engine results than legitimate websites. Tamoian, who founded the cyber investigation platform malfors.com, discovered additional phishing sites impersonating Ukrainian paramilitary groups and reported them to Cloudflare. The real Internet addresses of these sites were traced back to a well-known “bulletproof hosting” network called Stark Industries Solutions Ltd, which has a history of hosting malicious activities.
The consequences of interacting with these phishing sites can be dire, as Russia’s Supreme Court has designated the Freedom of Russia Legion as a terrorist organization. Individuals caught communicating with the group face lengthy prison terms, highlighting the risks associated with engaging with anti-Kremlin entities. Tamoian emphasizes that individuals searching for information about these groups are vulnerable to surveillance and arrest by Russian security services.
While specific details of arrests related to these phishing sites remain classified, Tamoian believes that the Russian government is behind a systematic campaign to target individuals seeking to join Ukrainian paramilitary groups. The persistent nature of these phishing schemes, coupled with their visibility on search engines like DuckDuckGo and Yandex, suggests a calculated effort to exploit individuals searching for anti-Kremlin organizations.
In conclusion, the proliferation of phishing sites targeting individuals interested in anti-Kremlin activities underscores the dangers of online deception. As individuals navigate the digital landscape in search of information and solidarity, they must remain vigilant against malicious actors seeking to exploit their intentions for nefarious purposes.