Enlarge / Locked out. (credit: Sean Gladwell / Getty Images )

Threat actors aligned with Russia and Belarus are targeting elected US officials supporting Ukraine, using attacks that attempt to compromise their email accounts, researchers from security firm Proofpoint said.

The campaign, which also targets officials of European nations, uses malicious JavaScript that’s customized for individual webmail portals belonging to various NATO-aligned organizations, a report Proofpoint published Thursday said. The threat actor—which Proofpoint has tracked since 2021 under the name TA473—employs sustained reconnaissance and painstaking research to ensure the scripts steal targets’ usernames, passwords, and other sensitive login credentials as intended on each publicly exposed webmail portal being targeted.

Tenacious targeting

“This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” Proofpoint threat researcher Michael Raggi wrote in an email. “Since late 2022, TA473 has invested an ample amount of time studying the webmail portals of European government entities and scanning publicly facing infrastructure for vulnerabilities all in an effort to ultimately gain access to emails of those closely involved in government affairs and the Russia-Ukraine war.”

Enlarge / A Russian Proton-M rocket carrying Spain's satellite Amazonas-5 blasts off from the launch pad at the Russian-leased Baikonur cosmodrome in Kazakhstan in 2017. (credit: KIRILL KUDRYAVTSEV/AFP via Getty Images)

The Soviet Union created the Baikonur Cosmodrome in 1955 to serve as a test site for intercontinental ballistic missiles. A few years later it became the world's first spaceport with the launch of the historic Sputnik 1 and Vostok 1 missions. The sprawling cosmodrome was a mainstay of the Soviet space program.

After the breakup of the Soviet Union, Russia began to lease the spaceport from the government of Kazakhstan and currently has an agreement to use the facilities through the year 2050. Russia pays an annual lease fee of about $100 million. Neither country is particularly happy with the relationship; the Kazakh government feels like it is under-compensated, and the Russian government would like it to be in its own country, which is why it has moved in recent years to build a new launch site for most of its rockets in the Far East of Russia, at Vostochny.

Despite some of this uneasiness, however, the two governments have been working together on future space projects. For example, the main Russian space corporation, Roscosmos, has been developing a new medium-lift rocket that it anticipates launching from Baikonur. This is the Soyuz-5 vehicle, a three-stage rocket powered by RD-171 engines that will burn kerosene fuel. Russia is counting on this vehicle to replace its aging Proton-M rocket and be more cost-competitive with commercial rockets such as SpaceX's Falcon 9 booster.

Enlarge (credit: Aurich Lawson | Getty Images)

“Women, life, freedom” became the protest chant of a revolution still raging in Iran months after a 22-year-old Kurdish woman, Mahsa Amini, died while in custody of morality police. Amini was arrested last September for “improperly” wearing a hijab and violating the Islamic Republic's mandatory dress code laws. Since then, her name has become a viral hashtag invoked by millions of online activists protesting authoritarian regimes around the globe.

In response to Iran's ongoing protests—mostly led by women and young people—Iranian authorities have increasingly restricted Internet access. First, they temporarily blocked popular app stores and indefinitely blocked social media apps like WhatsApp and Instagram. They then implemented sporadic mobile shutdowns wherever protests flared up. Perhaps most extreme, authorities responded to protests in southeast Iran in February by blocking the Internet outright, Al Arabiya reported . Digital and human rights experts say motivations include controlling information, keeping protestors offline, and forcing protestors to use state services where their online activities can be more easily tracked—and sometimes trigger arrests.

As getting online has become increasingly challenging for everyone in Iran—not just protestors—millions have learned to rely on virtual private networks (VPNs) to hide Internet activity, circumvent blocks, and access accurate information beyond state propaganda. Simply put, VPNs work by masking a user's IP address so that governments have a much more difficult time monitoring activity or detecting a user's location. They do this by routing the user's data to the VPN provider's remote servers, making it much harder for an ISP (or a government) to correlate the Internet activity of the VPN provider's servers with the individual users actually engaging in that activity.