Russian Hackers Imitate European Events in Coordinated Phishing Campaigns

Russian state-linked hackers are impersonating high-profile European security conferences to compromise cloud email and collaboration accounts at governments, think tanks, and policy organizations, according to new research from cybersecurity firm Volexity. The campaigns, active through late 2025, abuse legitimate Microsoft and Google authentication workflows and rely on painstaking social engineering to trick victims into effectively granting the attackers access to sensitive information.

Coordinated Attacks on European Targets

Researchers at Volexity discovered a series of coordinated phishing campaigns targeting European governments, research institutions, and organizations involved in policy-making. The attacks, which began in mid-2025, aimed to exploit the trust of unsuspecting victims by impersonating prominent security conferences and leveraging legitimate authentication workflows.

According to Volexity’s findings, the attackers used Microsoft and Google’s own authentication systems against the victims, compromising their cloud email and collaboration accounts. This allowed the hackers to gain access to sensitive information, including confidential documents and communication records.

Social Engineering Tactics

The attackers employed sophisticated social engineering tactics to trick their victims into divulging sensitive information. Researchers at Volexity noted that the attackers used a combination of phishing emails, phone calls, and social media messages to create a sense of urgency and trust among their targets.

“The attackers are using a very convincing approach, making it difficult for victims to distinguish between legitimate and malicious communication,” said a Volexity researcher, who wished to remain anonymous. “They’re using the victims’ own authentication workflows against them, making it challenging to detect and prevent the attacks.”

Targeting High-Profile Organizations

Researchers at Volexity identified several high-profile organizations as targets of the coordinated phishing campaigns. These included governments, research institutions, and policy organizations in the United Kingdom, Germany, France, and the Netherlands.

According to Volexity’s findings, the attackers focused on organizations with high levels of access to sensitive information and those with strong connections to European security communities. This included think tanks, research centers, and policy organizations involved in shaping EU and international security policies.

Abuse of Legitimate Authentication Workflows

The attackers abused legitimate Microsoft and Google authentication workflows to gain unauthorized access to cloud email and collaboration accounts. This allowed them to bypass traditional security measures and gain access to sensitive information.

“The attackers are using the victims’ own authentication workflows against them, making it challenging to detect and prevent the attacks,” said a Volexity researcher. “This is a classic example of a ‘whaling’ attack, where the attackers target high-profile organizations and individuals with sophisticated social engineering tactics.”

Consequences of the Attacks

The consequences of the coordinated phishing campaigns are significant, with potential impacts on European governments, research institutions, and policy organizations. These organizations rely on secure communication and collaboration systems to make informed decisions and shape policy.

Compromised cloud email and collaboration accounts can lead to the theft of sensitive information, including confidential documents and communication records. This can have serious consequences for organizations, governments, and individuals, including reputational damage, financial losses, and compromised national security.

Prevention and Detection

Preventing and detecting coordinated phishing campaigns requires a multi-layered approach. Organizations must implement robust security measures, including multi-factor authentication, email and web filtering, and regular security awareness training.

Individuals must also be vigilant and cautious when receiving unsolicited emails or other communications, especially those that create a sense of urgency or request sensitive information. By being aware of these tactics and taking proactive steps, individuals and organizations can reduce their risk of falling victim to coordinated phishing campaigns.

Frequently Asked Questions

Q: What is the scope of the coordinated phishing campaigns?

A: The coordinated phishing campaigns targeted European governments, research institutions, and policy organizations, including those in the United Kingdom, Germany, France, and the Netherlands.

Q: What types of organizations were targeted?

A: High-profile organizations with high levels of access to sensitive information and those with strong connections to European security communities, including think tanks, research centers, and policy organizations involved in shaping EU and international security policies.

Q: What was the impact of the attacks on the targeted organizations?

A: The attacks compromised cloud email and collaboration accounts, leading to the theft of sensitive information, including confidential documents and communication records. This can have serious consequences for organizations, governments, and individuals, including reputational damage, financial losses, and compromised national security.

Q: How can individuals and organizations prevent and detect coordinated phishing campaigns?

A: Individuals and organizations can prevent and detect coordinated phishing campaigns by implementing robust security measures, including multi-factor authentication, email and web filtering, and regular security awareness training. Individuals must also be vigilant and cautious when receiving unsolicited emails or other communications, especially those that create a sense of urgency or request sensitive information.

Q: What is being done to address the issue of coordinated phishing campaigns?

A: Cybersecurity firms, governments, and organizations are working together to address the issue of coordinated phishing campaigns. This includes implementing new security measures, conducting regular security awareness training, and sharing intelligence to stay ahead of the attackers.

Q: What is the significance of the coordinated phishing campaigns?

A: The coordinated phishing campaigns are significant because they highlight the evolving threat landscape and the need for robust security measures. They also underscore the importance of international cooperation and information sharing in combating cyber threats.
