On 14 August 2024, a joint investigation by international NGOs Citizen Lab, Access Now and Russian NGO Perviy Otdel found that hackers likely linked to Russia’s Federal Security Service (FSB) had targeted an array of journalists, human rights organizations, Russian opposition members and American politicians, in a campaign which was said to have started approximately 18 months earlier and was linked to Russia’s full-scale invasion of Ukraine.
According to the investigation, at least 10 organizations and individuals were targeted, but among media only Russian independent online outlet Proekt was cited.
The attack on Proekt reportedly began in November 2023, when publisher Polina Makhold received an email from a former business partner. In the email, the partner proposed a “new idea” and sent a file in PDF format. This document could not be opened using the built-in Google Drive and Proton Drive extensions in Gmail and Protonmail, Makhold recounted. In the latter case, when she tried to open the file, a notification appeared on the screen suggesting that she continue working directly in Proton Drive by clicking on a link.
Makhold reportedly noticed that the URL of the cloud storage did not match the real name of the Proton Drive domain “only at the last moment”. Instead, the suggested webpage was a phishing site, and entering personal data on this page would lead to this data being compromised. In the end, Proekt avoided being hacked.
According to the outlet, the mailbox from which the email came did not belong to their business partner. It looked like a real address; however, it was registered not on a corporate email service but on Protonmail. At first, the Proekt employee thought it logical that the partner had another mailbox on a service that was considered safe, but in the end, this turned out to be a trick, Russian independent media reported.