TA499 targets North America and Europe in a new campaign

March 17, 2023

The Russian-backed advanced persistent threat group TA499 is aggressively targeting prominent government entities and CEOs of high-profile companies in North America and Europe. Researchers believe the new campaign involves two members, Vladimir Kuznetsov and Alexei Stolyarov. These actors are notorious for using fake video calls to deceive their targets.

The group has been active for a couple of years and sharply increased its attacks in February last year, after the Russian invasion of Ukraine began. It has gradually widened its targeting to include high-profile individuals who aid Ukraine.

Based on reports, the group has targeted influential individuals such as the mayors of multiple cities, including Berlin, Budapest, Madrid, Vienna, and Warsaw. It has also targeted celebrities such as Elton John and JK Rowling.

TA499 impersonates political figures to increase the efficiency of its attacks.

According to investigations, the TA499 APT group starts its campaign with an email or phone call impersonating high-profile political figures, such as the People’s Deputy of Ukraine Oleksandr Merezhko or the Ukrainian Prime Minister Denys Shmyhal.

Researchers observed several email samples in March last year. They discovered that the threat actors pretended to be from the Embassy of Ukraine in the United States or the Embassy of Ukraine to the US. The impersonators requested some details or urged their targets to contact them by phone or video to learn more.

Last year, the threat actors used an International Atomic Energy Agency-themed domain with embassy-themed lures to send emails. In the previous months of 2022, the Russian threat actors pretended to be a Ukrainian MP and Parliamentary Assembly of the Council of Europe VP.

Separate researchers claimed that the TA499 operators used advanced deepfake technology to generate counterfeit recordings. Other researchers stated that the group used individuals who resemble famous personalities.

Cybersecurity experts expect that the TA499 group could use deepfake technology to create more effective social engineering lures and deceive more targets. For now, high-profile individuals should be wary of unsolicited communications, including emails that ask for further contact.
