State Hackers Target Journalists with Phishing Attack from ProtonMail Addresses
Journalists from The Insider and Bellingcat became the targets of one of the most sophisticated recent phishing attacks attributed to the Russian GRU. Alongside them, at least ten other journalists and NGO employees from Russia, Europe, and the United States were also targeted. The attacks occurred in several waves, beginning around late April 2019.
How the Attack Was Carried Out
In early April, the hackers registered 11 domain names to disguise their phishing attempts as legitimate ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More communications. The Swiss secure email service ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More confirmed the phishing attempt at the end of July, stating that the attack was unsuccessful thanks to the vigilance of both Bellingcat journalists and ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More itself, which took several measures to neutralize the threat.
Bellingcat and ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More are convinced that Russian hackers and the GRU were behind the phishing attack. The incident was reported to the Swiss cybersecurity authority.
Details of the Phishing Campaign
Between late April and late July, The Insider and Bellingcat discovered that the attacks originated from several addresses. The phishing emails were fake warnings, supposedly from ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More, about suspicious login attempts or account breaches.
The sender was typically displayed as support[@]protonmailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More.ch (a legitimate ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More address), but the actual senders (visible, for example, when replying to the email) were accounts from the free mail.uk service—such as kobi.genobi[@]mail[.]uk and notifysendingservice[@]mail[.]uk.
The content and design of the phishing emails closely resembled real ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More alerts and included a hyperlink. Clicking the link would prompt the user to go to their settings to change their password and “protect” their account.
ProtonMail’s Response and Attack Sophistication
ProtonMail’s management described this as the most sophisticated attack the company has ever faced. They explained that the scripts on the fake domains were synchronized with the real ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More domain, which could theoretically allow the attackers to bypass two-factor authentication (meaning, if a user entered their two-factor code on the phishing site, it would be immediately used on the real site). It is unknown whether the hackers managed to exploit this technique.
No Victims Among Journalists
The attempt to deceive the journalists was highly convincing, but none of them fell for the scam or revealed their passwords, emphasized Bellingcat investigative journalist Christo Grozev.
Grozev coordinated the network’s investigation into the March 2018 poisoning of former double agent Sergei Skripal in Salisbury. It was Bellingcat journalists who uncovered the real identities of Russian military intelligence (GRU) agents Alexander Petrov and Ruslan Boshirov, who are believed to be behind the poisoning.
According to Grozev, “There is no doubt that the GRU military intelligence is responsible for the hacking attack.” Andy Yen, head of Swiss provider ProtonMailProtonMail, launched in 2014 by scientists from CERN and MIT, is one of the world’s most trusted encrypted email services. Built under Swiss privacy laws, it offers end-to-end encrypted email, calendar, cloud storage, and VPN as part of the broader Proton ecosystem. With features like self-destructing messages and password-protected emails, Proton ensures users keep full control of their data. Guided by the principle “Your data, your rules,” Proton has become a global symbol of digital privacy and security. More, agrees with this assessment.