Phishing attack by cyber fraudsters posing as members of Armenia’s ruling party
Phishing attack in Armenia
Unknown individuals attempted a phishing attack against NGOs in Armenia. They sent emails from an address resembling that of the ruling party. The messages appeared to come from a representative of the Civil Contract party.
Political analyst Tigran Grigoryan said the cyber fraudsters targeted not only civil society representatives. They also targeted authors of analytical articles that criticise Russia’s policies. The attack also targeted the Regional Center for Democracy and Security, which he heads.
“The email was so poorly fabricated that even a non-specialist could see it was fake or part of a so-called hybrid operation. It could be interpreted either as fraud or as an attempt at external interference of this kind,” he said.
Information security expert Artur Papyan says similar attacks have increased in Armenia over the past year. According to him, attackers used the same methods earlier in Ukraine and Moldova.
This is everything known at the time of publication. Journalists are seeking comment.
- Poll: Will Armenia’s ruling party win June election?
- Will Russia turn to Central Asia and the South Caucasus after Ukraine?
- EU document on Ukraine calls on Russia to withdraw troops from Georgia, Radio Liberty reports
About the email sent in the name of a ruling party representative
The attackers sent the fake email in the name of Maria Karapetyan, a member of the ruling party. Civil society representatives who reported the possible attack noted that:
- The cyber fraudsters used the domain civilcontact.am and created fake email addresses.
- The text of the email contained numerous grammatical mistakes.
- The message was written in Armenian, but the party name “Civil Contract” appeared in English.
NGO representatives contacted information security experts and the cyber police. The authorities have already blocked access to the fraudulent website civilcontact.am.
“An obvious hybrid attack”
“A group of fraudsters registered a domain that closely resembled the domain of the Civil Contract party and misled recipients. The cyber criminals used it to send emails and tried to obtain people’s data and email addresses,” said ruling party member Vaagn Aleksanyan.
According to him, not only civil society representatives received such emails. Some party members also received them.
“As far as I understand, the goal was to collect data. The message included various questions, a kind of Google form. The attackers attached it to the email as a questionnaire. The recipient had to fill it out. They may have tried to gain access to email passwords this way,” he explained.
Aleksanyan believes such attacks will become more frequent ahead of the parliamentary elections. The country will hold them on 7 June.
In this context, he also referred to an investigation into a printed newspaper distributed on the streets of Yerevan. Investigative journalists found that despite its American symbolism, the paper had been printed in Russia.
“At the same time, disinformation about a supposed shooting in Syunik spread online. It is obvious that we are dealing with a hybrid attack,” the ruling party member said.
One of the local television channels found copies of a newspaper called Wyoming Star in several districts of Yerevan. Distributors hand it out for free, mainly in the city centre. The editor of the 12-page newspaper, published in Armenian and English, remains unknown. The articles carry no bylines. All of the paper’s materials criticise Armenia’s current authorities.
Journalists found that printers produce the newspaper in Russia and then bring it to Armenia. The last page states that private entrepreneur Shukuryan Vanik Volodyaevich publishes the paper. However, the Armenian state register of legal entities does not list him. Shukuryan told journalists that he does not personally know the owner or editor of Wyoming Star. People he “cooperates with” know them.
Earlier, on 5 March, several local outlets and opposition MPs reported that residents in the town of Kapan in the Syunik region had heard gunshots. Kapan lies in southern Armenia, though not directly near the Armenian-Iranian border. Armenia’s Defence Ministry denied the reports.
“No shootings or explosions occurred on Armenian territory. Certain groups circulate articles with manipulative headlines and try to create unacceptable tension among the population,” ministry spokesperson Aram Torosyan said.
Comment
Information security expert Artur Papyan believes:
“Either Azerbaijanis or Russians carry out major cyberattacks in Armenia. When we see that attackers target Armenia and the digital trace links to Ukrainian infrastructure, we can confidently assume that Russians are behind it.
The latest phishing attack aimed to gain access to the Google accounts of prominent civil society representatives and government officials. Why? Because for many people their Google accounts link to backup copies of phone contacts and to WhatsApp.
Even if all official or work correspondence takes place elsewhere, access to these shared files can still have significant value. It can also provide important intelligence.
Attempts to gain access to Google accounts remain one of the most common methods. People need to improve their level of digital security and remain vigilant about suspicious messages.
People who hold important or sensitive information should ideally use Google Advanced Protection. This especially applies in the context of Armenia’s European integration and democratic values.
For example, when I tried to follow the link mentioned in the email, Google immediately stopped me and warned that it was very dangerous.”
Phishing attack in Armenia
