In recent months, Russia has seen a new surge in cybercriminal activity. Izvestia has obtained a fake order, allegedly issued on behalf of the first deputy director of the FSB, that is being sent to the heads of regional media outlets. The forgery announces the start of an inspection of the publication for compliance with personal data protection requirements. Izvestia investigated who is behind these attacks.

How the scheme works

In early April, unknown persons contacted the owner of one of the news agencies covering life in the Volgograd and Astrakhan regions via messenger, posing as the editor-in-chief of the same media outlet. A female voice informed the businessman about some kind of "FSB check" and suggested that he read a text message in Telegram. A scan of a stamped document, signed by the alleged first deputy director of the FSB, was then sent in the messenger from an unknown number that used the editor-in-chief's avatar. The "order" announced the beginning of an unscheduled inspection of the publication "in connection with violations of legislation in the field of personal data protection."

The stated objectives of the audit were to establish the facts of a possible leak of personal data and contractors of the company; to study archived data "for their reliability and the possible use of forged personal data documents"; and to check for possible assistance by employees to foreign intelligence services. The text is full of professional terms.

Photo (phone): IZVESTIA/Eduard Kornienko

The addressee was also notified that the inspectors planned to request information from current and former employees; to talk with responsible persons in a "convenient way" to make the verification effective; and to carry out a technical inspection of data storage facilities (servers, archives). It was emphasized that officials must provide all necessary documents and grant access to the information system containing personal data.

The addressee, a former author of criminal investigations, quickly figured out who he was dealing with and notified his staff and law enforcement agencies. However, not all media managers can distinguish a fake from a genuine request from the security services.

A letter of admission to the system

"First of all, the attack is aimed at obtaining data about employees, their positions, and subordinates. This creates a good environment for embezzlement of funds," a law enforcement source told Izvestia. "For example, there were cases when, on behalf of the accountant's boss, they were asked to transfer funds to an account specified by fraudsters. But there is another vector — in this way, enemy intelligence agencies can acquire sources of information among media representatives. Moreover, people will think that they are helping our law enforcement agencies."

Another Izvestia law enforcement source confirmed that similar letters with forged signatures from FSB leaders were received by representatives of other media outlets back in March. He did not report on the consequences of these phishing attacks.

Earlier in March, the FSB uncovered illegal access by the Main Directorate of the Ministry of Defense of Ukraine to the resources of the Avangard military-patriotic education center for youth, the official Telegram channel of the UBK of the Ministry of Internal Affairs of Russia reported. As a result of the attack, correspondence with 42 organizations was intercepted and modified.

"The changes introduced by the Ministry of Defense of Ukraine pursued the main goal — to collect personal data of adolescent children for their further recruitment and involvement in intelligence and subversive activities against the security of the Russian Federation, as well as the commission of sabotage and terrorist acts on the territory of Russia," the FSB Central Control Center of Russia said in this regard.

Letters on behalf of the heads of the FSB of Russia were sent to the heads of large companies back in the winter. Now, attacks are being carried out on regional media — the correspondents' data and their connections are of significant operational interest to foreign intelligence agencies.

It's not that well thought out

Alexander Vurasko, Director for Development of the Solar AURA External Digital Threat Monitoring Center at Solar Group of Companies, reviewed the fake and gave his assessment.

"Phone scammers often use fake documents to add weight to their arguments. However, in 100% of cases they are executed with errors. In some cases, they are visible only to the experienced eye of a person who works with government records management and GOST standards, but most often they can be seen immediately. The document provided in the request contains a number of errors, which makes it possible to classify it as fake. Here are just some of them: the wrong logo in the header of the document and the wrong name of the authority; there is no indentation on the left and top, which is unacceptable in principle (such a document will never be signed); 'Dear' is not written in the address documents, it is required to choose the ending depending on the gender of the recipient; an order cannot be addressed, it is either a letter with an addressee or an order; the order number is inadequate. Numbering starts from the new year, and in three months it was hardly possible to issue 183 million orders."

Photo (signing a contract): Getty Images/PhotoAlto/Eric Audras

He also draws attention to the absence of a date and the fact that the first deputy director of the FSB allegedly signs the letter on behalf of the Moscow Central Committee.

"Such a document can be called one of the lowest-quality fake templates, which, nevertheless, can still be found in phishing mailings," the expert believes. "In this case, there are ordinary telephone scammers operating under the old scheme. After sending such an email, the victim will receive a call from an 'FSB supervisor' who will tell them that the company will be checked and that none of its colleagues can be trusted. Then he will connect with a 'Central Bank specialist' or other intermediate link. Eventually, the victim will be persuaded to transfer the money to a secure account or they will say that they are financing the Ukrainian Armed Forces on her behalf, so you need to collect all your savings and give them to the courier."

The scheme is aimed at individuals and is one of the most common variations of telephone fraud, Alexander Vurasko believes.

How not to become a victim of scams

To avoid falling for scammers' tricks, experts from the Solar AURA External Digital Threat Monitoring Center recommend using only official resources (and checking their exact address through a search engine); not transferring funds to strangers or paying for goods or services on unverified sites; and not providing personal data, including usernames and passwords for social networks and messengers, or two-factor authentication codes, on suspicious and unofficial websites or in conversations with strangers.

Photo (money transfer in a bank's mobile app): IZVESTIA/Dmitry Korotaev

"It is important to use antivirus software for additional protection against malware and phishing attacks," said Alexander Vurasko.
