A Russian duo infamous for pranking quite a few high-profile people, together with Canadian Prime Minister Trudeau, is at it once more — this time in search of to embarrass public figures which have expressed help for Ukraine in its battle with Russia.
Over the previous yr, the 2 people — identified publicly as Vovan and Lexus — have focused high-ranking authorities officers and CEOs at massive firms in North America and Europe, in accordance with Proofpoint researchers, in a marketing campaign to lure them into saying doubtlessly unstable issues on video and telephone calls. The hassle appears to be in retaliation for the targets’ help for Ukraine within the battle with Russia.
An Elaborate Impersonation Con
In a weblog submit this week, Proofpoint stated it had noticed a pointy enhance in exercise from the pair following Russia’s invasion of Ukraine final February. Since then, Vovan and Lexus have contacted quite a few distinguished enterprise leaders and politicians which have both made public statements towards the battle or have donated to Ukrainian humanitarian applications.
In emails to the focused people, the pair have variously offered themselves as Ukrainian Prime Minister Denys Shmyhal, Ukrainian Member of Parliament Oleksandr Merezhko, and Russian opposition chief Alexei Navalny’s Chief of Employees Leonid Volkov. Different emails have presupposed to be from the “Embassy of Ukraine to the US” and the “Embassy of Ukraine within the US,” and had been despatched from plausible-looking, embassy-themed electronic mail addresses.
The emails have tried to persuade recipients into taking part in recorded video chats and telephone calls, the place they’re inspired to talk on numerous issues related to the battle in Ukraine. In a number of the video conversations, the 2 people have worn heavy make-up and sure used deepfake expertise to tackle the looks of figures they had been impersonating. Edited variations of the recordings have later appeared on YouTube, Telegram, Twitter, and Russian-video platform Rutube.
“As soon as the goal makes a press release on the matter, the video devolves into antics, trying to catch the goal in embarrassing feedback or acts,” Proofpoint’s report stated. “The recordings are then edited for emphasis and positioned on YouTube and Twitter for Russian and English-speaking audiences.”
A Who’s Who of Victims
Proofpoint’s report didn’t title any particular people which may have fallen for Lexus and Vovan’s methods. However researchers from the corporate pointed Darkish Studying to publicly identified examples of their work.
In a single occasion, the pair posed as Ukrainian Prime Minister Shmyhal and tricked former UK House Secretary Priti Patel right into a 15-minute dialog with them on the battle and the associated refugee disaster. The hoaxers later posted a video of them duping Patel on YouTube and different social media channels. In one other marketing campaign final June, Vovan and Lexus tricked the mayors of Warsaw, Berlin, Vienna, and Budapest into making video calls with a person they believed was Vitaliy Klychko, the mayor of Kyiv.
Vovan and Lexus, whose actual names are Vladimir Kuznetsova and Aleksei Stolyarov, have additionally, as talked about, tricked Canadian Prime Minister Trudeau (into considering he was talking with local weather change activist Greta Thunberg). Final yr, they posted a video on YouTube that purported to indicate former US President George Bush talking with a person he assumed was Ukrainian President Volodymyr Zelenskyy. In Could 2021, the pair tricked a number of European members of Parliament into video conferences utilizing deepfake expertise to impersonate Russian opposition leaders, together with Navalny.
A Russian State-Backed Menace?
Researchers at Proofpoint have been monitoring the 2 people since 2021 below the menace actor designation “TA499.” This week, they cautioned towards dismissing them merely as pranksters, as some have beforehand. “Whereas Vovan and Lexus model themselves as ‘pranksters and comedians,’ a number of governments and officials deem the pair to be Russian, state-funded dangerous actors,” Alexis Dorais-Joncas, senior supervisor for menace analysis at Proofpoint, tells Darkish Studying.
Proofpoint has not been in a position to affirm the extent of presidency involvement with the pair, however the firm has decided from open supply intelligence that the 2 actors are doubtless state inspired and patriotically motivated. “It is truthful to contemplate Vovan and Lexus as ‘influencers’ or ‘propagandists,’ as they deem to affect the political nature of Russia as an entire and attain an English viewers by numerous strategies,” Dorais-Joncas says.
“TA499’s elevation to state-aligned exercise is as a result of focused nature of its campaigns, utilization of actor-controlled area infrastructure, [and] a number of VoIP pretend telephone numbers for separate recipients,” he notes.
The 2 people carry out reconnaissance to focus on each straight and through the shut contacts of chosen targets, and presents a danger to organizations, the researcher says. “This stuff mixed with their particular concentrate on Russia-aligned propaganda, make them a state-aligned menace.”
Proofpoint assessed with excessive confidence that TA499 will proceed with its affect marketing campaign, and sure reuse previous or further infrastructure to take action. The first goal continues to be C-level executives or these on the highest-profile positions at their respective organizations.
The safety vendor posted an inventory of electronic mail addresses that the duo has used thus far of their campaigns and suggested anybody who has motive to imagine they might be focused to confirm the identities of individuals inviting them to debate political matters.
