Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls

  /     /     /  
Publicated : 23/11/2024   Category : security


Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls


A state-backed threat actor impersonates political figures, tricking a prime minister, a former US president, and several European mayors and MPs into video calls later used in an anti-Ukraine influence campaign.



A Russian duo notorious for pranking numerous high-profile individuals, including
Canadian Prime Minister Trudeau
, is at it again — this time seeking to embarrass public figures that have expressed support for Ukraine in its war with Russia.
Over the past year, the two individuals — known publicly as Vovan and Lexus — have targeted high-ranking government officials and CEOs at large companies in North America and Europe, according to Proofpoint researchers, in a campaign to lure them into saying potentially volatile things on video and phone calls. The effort seems to be in retaliation for the targets support for Ukraine in the war with Russia. 
In a blog post this week
, Proofpoint said it had observed a sharp increase in activity from the pair following Russias invasion of Ukraine last February. Since then, Vovan and Lexus have contacted numerous prominent business leaders and politicians that have either made public statements against the war or have donated to Ukrainian humanitarian programs.
In emails to the targeted individuals, the pair have variously presented themselves as Ukrainian Prime Minister Denys Shmyhal, Ukrainian Member of Parliament Oleksandr Merezhko, and Russian opposition leader Alexei Navalnys Chief of Staff Leonid Volkov. Other emails have purported to be from the Embassy of Ukraine to the US and the Embassy of Ukraine in the US, and were sent from plausible-looking, embassy-themed email addresses.
The emails have attempted to convince recipients into participating in recorded video chats and phone calls, where they are encouraged to speak on various matters associated with the war in Ukraine. In some of the video conversations, the two individuals have worn heavy makeup and likely used
deepfake technology
to take on the appearance of figures they were impersonating. Edited versions of the recordings have later appeared on YouTube, Telegram, Twitter, and Russian-video platform Rutube.
Once the target makes a statement on the matter, the video devolves into antics, attempting to catch the target in embarrassing comments or acts, Proofpoints report said. The recordings are then edited for emphasis and placed on YouTube and Twitter for Russian and English-speaking audiences.
Proofpoints report did not name any specific individuals that might have fallen for Lexus and Vovans tricks. But researchers from the company pointed Dark Reading to publicly known examples of their work.
In one instance, the pair posed as Ukrainian Prime Minister Shmyhal and tricked former
UK Home Secretary Priti Patel into a 15-minute conversation
with them on the war and the related refugee crisis. The hoaxers later posted a video of them duping Patel on YouTube and other social media channels. In another campaign last June, Vovan and Lexus tricked the mayors of Warsaw, Berlin, Vienna, and Budapest into making video calls with an individual they believed was Vitaliy Klychko, the mayor of Kyiv.
Vovan and Lexus, whose real names are Vladimir Kuznetsova and Aleksei Stolyarov, have also, as mentioned, tricked Canadian Prime Minister Trudeau (into thinking he was speaking with climate change activist Greta Thunberg). Last year, they posted a video on YouTube that purported to show former
US President George Bush speaking with an individual
he assumed was Ukrainian President Volodymyr Zelenskyy. In May 2021, the pair tricked multiple European members of Parliament into video meetings using deepfake technology to impersonate Russian opposition leaders, including Navalny.
Researchers at Proofpoint have been tracking the two individuals since 2021 under the threat actor designation TA499. This week, they cautioned against dismissing them merely as pranksters, as some have previously. While Vovan and Lexus brand themselves as pranksters and comedians, multiple
governments and officials
deem the pair to be Russian, state-funded bad actors, Alexis Dorais-Joncas, senior manager for threat research at Proofpoint, tells Dark Reading.
Proofpoint has not been able to confirm the level of government involvement with the pair, but the company has determined from open source intelligence that the two actors are likely state encouraged and patriotically motivated. Its fair to consider Vovan and Lexus as influencers or propagandists, as they deem to influence the political nature of Russia as a whole and reach an English audience through various methods, Dorais-Joncas says.
TA499s elevation to state-aligned activity is due to the targeted nature of its campaigns, utilization of actor-controlled domain infrastructure, [and] multiple VoIP fake phone numbers for separate recipients, he notes. 
The two individuals perform reconnaissance to target both directly and via the close contacts of selected targets, and presents a risk to organizations, the researcher says. These things combined with their specific focus on Russia-aligned propaganda, make them a state-aligned threat.
Proofpoint assessed with high confidence that TA499 will continue with its influence campaign, and likely reuse old or additional infrastructure to do so. The primary target continues to be C-level executives or those at the highest-profile positions at their respective organizations. 
The security vendor posted a list of email addresses that the duo has used so far in their campaigns and advised anyone who has reason to believe they could be targeted to verify the identities of people inviting them to discuss political topics.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Russian Influence Duo Targets Politicians, CEOs for Embarrassing Video Calls