Russia calling? Scammers target high-level Western officials

Russia calling? Scammers target high-level Western officials

An image of Alexei Stolyarov or Lexus (L) impersonating Leonid Volkov next to a picture of the real Volkov (R) for comparison
An image of Alexei Stolyarov or Lexus (L) impersonating Leonid Volkov next to a picture of the real Volkov (R) for comparison. Photo: Handout / Proofpoint/AFP
Source: AFP

PAY ATTENTION: Celebrate South African innovators, leaders and trailblazers with us! Click to check out Women of Wonder 2022 by Briefly News!

A pro-Russian prankster impersonates a former US ambassador to Moscow in live video calls, part of a disinformation campaign that researchers say seeks to ensnare high-level Western officials since the invasion of Ukraine.

Russian comedy duo Vladimir Kuznetsov and Alexei Stolyarov, who go by Vovan and Lexus, have long been notorious for pranking politicians and celebrities around the world, from Justin Trudeau to Elton John and Boris Johnson.

But the pair, once dubbed Russia's Jerky Boys who have long denied any connection to the Kremlin, appear to have steadily morphed from mischief-makers to a pro-Kremlin tool of information warfare.

Cybersecurity researchers say that since the start of Russia's invasion, they have ramped up their targeting of high-profile officials and executives in North America and Europe who have spoken out against Moscow.

Read also

Bank collapse 'part of the game' for Texas fest startups

"WARNING. Someone using the phone number +1 (202) 7549885 is impersonating me," Michael McFaul, the former ambassador to Moscow, tweeted last September.

"If you connect on a video platform with this number, you will see an AI-generated 'deepfake' that looks and talks like me. It is not me. This is a new Russian weapon of war."

PAY ATTENTION: Click “See First” under the “Following” tab to see Briefly News on your News Feed!

McFaul, who served as the envoy from 2012-14, told AFP that the impersonator appeared "live" in calls to many in the Ukrainian government and "spoke in Russian," a language he knows but not fluently.

The questions the hoaxer asked were "obviously designed to undermine Ukraine's diplomatic and war efforts," McFaul added.

Proofpoint, a California-based cybersecurity firm, said its analysts have assessed with "high confidence" that this was the work of Vovan and Lexus, together dubbed TA499.

Read also

Subway 'surfing' leaves a grisly, lethal toll in New York City

"For a time, TA499 utilized McFaul as an impersonated identity in attempts to obtain contact with high-ranking officials internationally," Proofpoint's researchers told AFP.

"This phone number was noted in our data in a known TA499 campaign."

Deceit, makeup, phony emails

In an aggressive tactic since Russia invaded Ukraine in February last year, the pair has targeted prominent figures critical of Moscow with phony emails.

Masquerading as top Ukrainian officials such as the prime minister, lawmakers or their assistants, the emails -- sometimes from genuine-looking "ukr.net" addresses -- sought to persuade them into further contact via telephone or video calls, according to a report by Proofpoint.

During the calls, the duo went so far as to use "extensive makeup" to appear like the impersonated individual and coaxed their target to say things that were then selectively used for pro-Russian propaganda, the report said.

"The aim seems to be to lead their targets into 'revealing' certain things or agreeing with certain statements," Eva Maitland from the watchdog NewsGuard told AFP.

Read also

UK boosts security spending against China and Russia threats

"Fragments of the interview can then be misused widely in pro-Kremlin media as proof of various Kremlin talking points, as well as to ridicule and humiliate the interviewees."

Snippets of the calls were posted on YouTube and Rutube, a Russian video platform.

"An attempt was made by an imposter claiming to be Ukrainian PM to speak with me," British Defence Secretary Ben Wallace tweeted last March.

"He posed several misleading questions and after becoming suspicious I terminated the call."

Proofpoint said its researchers "assess with high confidence that this was the work of TA499."

Sympathy for Kremlin?

Since the start of its invasion one year ago, Russia and its supporters have sought to aggressively distort Moscow's role in Ukraine with a flood of disinformation.

The hoaxers are believed to be linked to Russian security services.

"The overall shift towards enemies of the Kremlin since the invasion indicates some sympathy and probable cooperation" with the Russian government, Roman Osadchuk, from the Atlantic Council's Digital Forensic Research Lab, told AFP.

Read also

Worry for tech startups after Silicon Valley Bank failure

"The level of sophistication, like using deep fake or lookalikes to impersonate various people, is an additional clue of possible external help."

In a 2021 interview with The Verge, the duo denied using deepfakes and said they relied on makeup and artful camera angles.

"Meet Leonid Volkov, Russian opposition leader," Kuznetsov told the American tech news website in a video call, introducing his partner-in-crime Stolyarov, who bore a passing resemblance to Volkov.

The duo hoaxed a string of European politicians that year by impersonating Volkov, an ally of jailed Kremlin critic Alexei Navalny.

As the war in Ukraine grinds on, the hoaxers are unlikely to stop, with Proofpoint warning that they could rustle up new tricks.

"TA499 is not a threat to take lightly due to the damage such propaganda could have on the brand and public perception of those targeted as well as the perpetuation of disinformation," Proofpoint said.

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ click on “Recommended for you” and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.