The U.S.-based Free Russia Foundation nonprofit said it is investigating a data breach after thousands of emails and documents supposedly related to its work were published online.
The organization suspects that the incident is linked to the Kremlin-sponsored hacker group tracked as Coldriver, according to a statement released late last week.
The Free Russia Foundation describes itself as a “nonprofit, nonpartisan, nongovernmental advocacy and justice organization led by Russians abroad.” Its most recognized members include Vladimir Kara-Murza, a Russian-British political activist, journalist and former political prisoner.
The organization’s statement about the attack came a few weeks after digital rights nonprofit Access Now and digital forensic organization The Citizen Lab published a report about Russia-aligned phishing campaigns that targeted human rights organizations, independent media, and civil society members from Eastern Europe and the U.S.
The report identified two threat groups supposedly “close to the Russian regime” who were likely behind the attack: Coldriver and Coldwastrel.
Coldriver’s activity was first discovered by Google in 2022. The group is known for targeting high-profile individuals, former intelligence and military officers, and NATO governments. Google reported that the group’s espionage activities align with the interests of the Russian government.
During the attack on the Free Russia Foundation, the hackers reportedly compromised “a number of entities,” resulting in the theft of correspondence, including grant reports and internal documents, according to the organization’s statement.
“One of the possible goals of this criminal cyberattack is to serve as a pretext for a new wave of repression against pro-democracy Russians.”
The Free Russia Foundation said that the attack “didn’t come as a surprise, as everyone who opposes Putin and his system, whether in our team or in other human rights or political opposition organizations, faces risk every day.”
“Despite continuous attacks from the Kremlin and its agents, the Free Russia Foundation remains committed to stopping the criminal war unleashed by Putin’s regime on Ukraine and to making Russia free and democratic,” the statement reads.
The investigation into the attack is still ongoing, and many details remain unknown. The Free Russia Foundation did not reply to Recorded Future News’ request for comment.
Earlier in September, a Russian-language Telegram channel began publishing documents that were allegedly leaked from the Free Russia Foundation. The hackers claimed they obtained over 2,500 “email chains” and more than 13 GB of electronic documents.
The information likely includes “strategic planning documents and other management data, as well as data on the fund’s accounting, including receipts,” the hackers said.
Unnamed former employees of the foundation confirmed to Russian independent media that the leaked documents are genuine, though no other evidence has been provided to support this.
After the documents were published online, “we immediately started calling colleagues who might be at direct risk and working to support these people, investigate, and deal with other urgent issues,” said Egor Kuroptev, the director of the Free Russia Foundation.
He suggested that this data leak could be used by hackers as a “bright demonstration” of the results of a large-scale attack against many organizations. “We are going through a difficult period that dozens of organizations have faced,” Kuroptev said.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.