On Saturday evening, July 27, the website of the Swiss company provider ProtonMail issued a statement clarifying the details of the hacker attack, which suffered journalists of Bellingcat website, using the domain of the company to protect their e-mail.
As stated on the website, the journalists of Bellingcat was subjected to a “sophisticated phishing attack”: they all received emails sent allegedly on behalf of the provider ProtonMail, which they were required to enter data for log in. Hackers attempted to redirect users to a fake domain mailprotonmail.ch, where they were placed fake website ProtonMail.
ProtonMail uses technology to ensure that any e-mails stored on its servers can only be decrypted by the owners of the mailboxes and is not available even for domain owners. So the hacker attack was not aimed at hacking ProtonMail, but directly to the theft of user data.
The head of ProtonMail, Andy Yen called the incident “one of the best phishing attacks”, which ProtonMail ever encountered. But journalists have to be vigilant, and none of them told her his password.
The Bellingcat journalist Cristo Grozeva, who coordinated the investigation into the poisoning Sergei Skripal, “there is no doubt that the responsibility for hacker attack carries military intelligence GRU”.
Agree with him and Andy Yen, who spoke more cautiously: “the Resources used in this phishing attack (such as domain registrars and Resellers) are resources used in the past in other cyberattacks, conducted by the Fancy Bear (also known as APT28), a Russian cyber-espionage group that is associated with the GRU. Thus, although it is not yet fully proven, the facts (along with independent assessments by third parties), seem to indicate the attack of Russian origin.”
ProtonMail has notified the Federal police of Switzerland and the national service of cybersecurity MELANI about the attempted hacker attack. According to Andy yen, ProtonMail is conducting its own investigation.
ProtonMail — the world’s largest secure email service. It was founded in 2014 in Geneva, scientists working at the European centre for nuclear research (CERN), and has over 10 million users.