Hackers impersonating US government compromise email account of prominent Russia researcher
Keir Giles, a prominent British researcher on Russia, announced this weekend that several of his email accounts had been targeted “with a sophisticated account takeover” by hackers impersonating the U.S. State Department.
In a warning on LinkedIn, Giles — the author of “Russia's War on Everybody” and a consulting fellow at the Chatham House think tank — told his contacts to handle with caution any unexpected emails they received from him.
“In our long collective experience with sophisticated account takeovers, there’s a likelihood that anything that the attackers acquired before they were locked out — including, potentially, messages you or others have sent me, may be included in a future tainted data dump,” he wrote.
The incident follows Giles being targeted last year by hackers working for Russia’s intelligence services, who impersonated researchers and academics in an ongoing campaign to gain access to their colleagues’ email accounts. Giles’ accounts were not compromised at that time.
Independent analyses of the emails, attachments and credential-harvesting infrastructure targeting Giles were conducted by cybersecurity companies Secureworks and Mandiant.
Both companies said they believed the campaign was perpetrated by a state-sponsored threat group tracked variously as Iron Frontier, Calisto, Coldriver or Star Blizzard, which the British government has assessed to be operating for the Russian intelligence services.
The British government attributed that group to Center 18 of the Russian Federal Security Service (FSB) in 2013. It summoned the Russian ambassador over the hacking group's activities and accused the Kremlin of being behind a “sustained but unsuccessful” campaign of hack-and-leak operations designed to undermine democratic institutions.
At the same time, the U.S. Department of Justice charged two Russian nationals with being part of Center 18’s spearphishing campaigns dating back to 2016: FSB officer Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, who was not described as an FSB officer but as the creator of the fraudulent domains.
According to the British government, Center 18’s previous targets in the United Kingdom include Sir Richard Dearlove, the former head of the Secret Intelligence Service (MI6), and a think tank called the Institute for Statecraft, which had worked on countering Russian information operations.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.