In early 2024, there were rising reports of hacktivist campaigns targeting employees at large public sector enterprises and the military-industrial complex. The attackers, allegedly acting on behalf of members of the FSB or the Ministry of Internal Affairs, diverted funds to fraudsters or instigated destructive acts that targeted military facilities and recruitment offices. This assessment comes from Alexey Korobchenko, head of the information security department at Security Code, who discussed the issue with socialbites.ca.
A new tactic has emerged: hacktivists email company staff while posing as their managers and issuing law enforcement-style orders. The main distribution channels are widely used messaging apps such as Telegram and WhatsApp. This method is commonly referred to as FakeBoss.
In this model, attackers, posing as senior leaders and using the guise of law enforcement, ask employees to cooperate with unplanned audits—allegedly triggered by data leaks. The supposed leaders then demand contact with law enforcement agencies in a bid to escalate the situation. Soon after, individuals claiming to be officials from the Ministry of Internal Affairs or the FSB reach out to the victim and begin the manipulation process.
The deception unfolds with calls from so-called operators, researchers, and curators. Scammers take care to present convincing visuals, sometimes sending photos of IDs or forms when requested. Korobchenko notes that a victim who trusts the supposed official authority or who is pressured can be induced to install malware on a computer or disclose confidential corporate data.
This can lead to intimidation and blackmail. Victims may face accusations of compromising state secrets or collaborating with foreign intelligence services.
Following a multi-step process, the attackers reveal their constructed narratives and pressure targets into paying money or performing illegal acts, such as vandalizing a military registration and enlistment office or damaging a vehicle, according to the expert. He adds that the initial instances of this scheme were observed late last year, but the volume of targeted mailings has surged, especially toward the public sector and defense industries.
Korobchenko advises anyone who receives such messages outside official corporate channels to immediately cease communication with the sender, connect directly with their managers, and report the incident to the local information security service. He emphasizes that messages involving law enforcement, financial demands, and intimidation should be treated as fraud. Security professionals recommend verifying any unexpected outreach through known, formal channels before responding.
In related news, Kaspersky Lab previously challenged Google’s characterization of the Russian service 2GIS, underscoring ongoing debates about credible digital safety assessments.