https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger

Sophisticated Campaign Could Lead to Imprisonment or Worse for Victims

A dangerous network of phishing websites is targeting Russians seeking to join Ukrainian paramilitary groups, and victims could face lengthy prison sentences or worse, according to new research released by cybersecurity firm Silent Push.

The investigation uncovered dozens of phishing domains impersonating recruitment websites for anti-Putin organizations, including the “Freedom of Russia Legion,” a Ukrainian paramilitary unit composed of Russian citizens opposing the Kremlin regime. These sophisticated phishing sites are nearly identical to legitimate recruitment pages and use interactive Google Forms to collect personal information from potential recruits.

Security researcher Artem Tamoian, who first identified several of these domains, noted significant differences in search results between Google and Russia’s Yandex search engine, with the phishing sites often appearing as top results in Russian searches. The fake websites have also been found ranking highly in DuckDuckGo and Bing search results.

“I started looking into those phishing websites because I kept stumbling upon news that someone gets arrested for trying to join the Ukrainian Army or for trying to help them,” said Tamoian, a Russian native who left the country in 2019.

What distinguishes these phishing operations from typical scams is the severity of consequences for victims. Russia’s Supreme Court designated the Freedom of Russia Legion as a terrorist organization in March 2023, meaning Russians caught communicating with the group could face between 10 and 20 years in prison.

Technical analysis linked some of the phishing domains to Stark Industries Solutions Ltd, a known “bulletproof hosting” network that materialized shortly before Russia’s invasion of Ukraine. This hosting provider has previously been tied to infrastructure used for DDoS attacks, malware distribution, and disinformation campaigns associated with Russian intelligence agencies.

Rather than being distributed through traditional phishing emails, these fraudulent websites appear to be promoted primarily through search engine manipulation, creating a dangerous trap for Russians searching for ways to oppose the Putin regime.

“All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims,” Silent Push stated in its report. “Our team believes it is likely that this campaign is the work of either Russian Intelligence Services or a threat actor with similarly aligned motives.”

The ongoing campaign represents a stark reminder that in regions of geopolitical conflict, falling victim to phishing can have consequences far beyond financial loss or data theft – it can put lives at risk.