CyberBerkut Phishing Operation

From ADTAC Disinformation Inventory

CyberBerkut is an Russian Hacktivist organization which is known for DDOS attacks against Ukraine, NATO, Western corporations and the German government.[1][2]

2017 Phishing Operation

Citizen's Lab in Toronto found that CyberBerut had sent 223 malicious links for 218 targets in the form of phishing emails. They faked a google email which asked the user to change their password. Once they clicked on this the user was taken to an imitation google sign-in page where they entered in their information which was then taken. They used a link shortener to make the links appear more legitimate. The campaign would sometimes alter documents taken from the user and leak them online. The leaked documents were then broadcast by more mainstream Russian media like RIA Novosti and Sputnik.[3]

The campaign attacked David Satter and modified his emails and published them. David Satter is an American journalist who was in contact with the National Endowment for Democracy about a group with publications in Russia Called Radio Liberty. The group altered his emails so that it looked like prominent Russian anti-corruption activists, including Alexei Navalny were being payed by Radio Liberty. These were leaked onto CyberBerkut's blog and then RIA Novosti and Sputnik Radio used the emails as evidence of an alleged CIA plan to create a revolution in Moscow.[4]

The campaign also targeted a former Russian Prime Minister, Russian journalists and activists. The majority of the targets were in Ukraine and included politicians, high ranking military personnel and government officials. In the US a prior Director of the Department of Defense was targeted as well as an ex-senior director of the National Security Council.[5]

Forbes alleges that this campaign was conducted by Fancy Bear, the hacktivist group behind the 2016 Democratic National Committee leak.[6]


2017 Twitter presence

A group claiming to be CyberBerkut on twitter released allegedly leaked emails which stated that Ukrainian government officials laundered money to give to the Clinton foundation.[7] An earlier post alleged that the U.S. government doctored evidence to implicate Russian hackers interfering in the 2016 U.S. presidential election

an image of a redacted email it claims revealed plans by the U.S. government to doctor evidence to suggest that Russian hackers had interfered in the 2016 U.S. election

Black Boxing Output
  1. https://www.cyberscoop.com/cyberberkut-returns-hillary-clinton/
  2. https://www.recordedfuture.com/cyber-berkut-analysis/
  3. https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/
  4. https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/
  5. https://citizenlab.ca/2017/05/tainted-leaks-disinformation-phish/
  6. https://www.forbes.com/sites/thomasbrewster/2017/05/26/russian-dnc-hackers-planted-leaks-with-fake-data/?sh=6a0e671152ff
  7. https://www.cyberscoop.com/cyberberkut-returns-hillary-clinton/
Retrieved from "https://inventory.adt.ac/w/index.php?title=CyberBerkut_Phishing_Operation&oldid=1579"