U.S.-based nonprofit and nongovernmental advocacy organization Free Russia Foundation has launched an investigation into a breach of its systems after the leak of allegedly stolen files through a Telegram channel earlier this month, according to The Record, a news site by cybersecurity firm Recorded Future.
Russian state-sponsored threat group Coldriver has been suspected by the Free Russia Foundation of being behind the intrusion, which involved the targeting of several entities to exfiltrate internal documents, grant reports, and other correspondences in retaliation against pro-democracy Russians. Over 13 GB of electronic documents and more than 2,500 email chains, including strategic planning files, accounting, and management data were claimed by threat actors to have been exfiltrated from the nonprofit, with the legitimacy of the exposed files confirmed by unnamed former employees. Such a development comes weeks after Coldriver and fellow Russian state-backed threat operation Coldwastrel were reported by Access Now and Citizen Lab to have mounted attacks against independent media, human rights entities, and civil society members across the U.S. and Eastern Europe.
