The emails included a link for downloading a document, which would be used to infect the victim's computer. All recipients recognised fragments of earlier correspondence, which were included to make the email appear trustworthy.
This is at least the second such attack in the last three months where phishing emails were sent claiming to be from the Russian embassy. However, the embassy itself informed the media in October that its email system had experienced a cyber attack.
The attack didn't exploit any critical vulnerabilities; instead, the downloadable documents contained macros that the user had to grant permission to run. Cert.lv urges everyone to verify the authenticity of all emails by checking the “From” and “Reply to” addresses before opening any attachments or downloading any documents, and to avoid granting macro permissions requested by documents.
Cert.lv asks that you please notify the institution if you are aware of any similar attacks by writing to [email protected].
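The “From” and “Reply to” check that Cert.lv recommends can be automated for a saved message. The following is an added example, not code from Cert.lv or from this article; the function names, the sample messages, their domains and the extension list are constructed assumptions, and a finding is a prompt to verify the sender, not proof of forgery.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Office formats that can carry macros (assumed list for this example).
MACRO_CAPABLE = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def _domains(msg, header):
    """Return the lower-cased domains of every address in one header."""
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(msg.get_all(header, [])) if "@" in addr}

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_domains = _domains(msg, "From")
    reply_domains = _domains(msg, "Reply-To")
    if not from_domains:
        findings.append("no parsable From address")
    # Replies would go to a domain the visible sender does not use.
    if reply_domains and not reply_domains <= from_domains:
        extra = ", ".join(sorted(reply_domains - from_domains))
        findings.append("Reply-To domain differs from From: " + extra)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            path = url.rstrip(".,;)").split("?", 1)[0].split("#", 1)[0].lower()
            if path.endswith(MACRO_CAPABLE):
                findings.append("link to macro-capable document: " + url)
    return findings

# Constructed sample messages (not taken from the real campaign).
SUSPICIOUS = (
    "From: Press Office <press@embassy.example>\n"
    "Reply-To: press@embassy-mail.example\n"
    "Subject: Re: our earlier correspondence\n"
    "\n"
    "Please review: http://files.example/docs/invitation.doc\n"
)
CLEAN = (
    "From: Secretariat <office@ministry.example>\n"
    "Subject: Agenda\n"
    "\n"
    "Agenda: https://ministry.example/agenda.pdf\n"
)
```
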
Previous cyber attacks
As previously reported, earlier this year, on February 20, Latvia's Defense Ministry said that emails had been reported which purported to have been sent by Defense Minister Artis Pabriks but were in fact fakes.
“I would like to congratulate our cyber security experts from CERT.LV, who quickly removed fake emails and found that they were sent from Russian servers. I can only wonder whether I have earned such "attention" with a critical interview with the Russian radio station "Eho Moskvi" or "too active" work at the Munich Security Conference,” said Pabriks.
Also, as reported last year, while the hacking of a social media site in Latvia on Saeima election day, October 6, made headlines, the country was in fact subjected to, and successfully repulsed, a wider cyber attack, reports Olga Dragileva of LTV's De Facto weekly investigative show.
As LSM reported on election day, the popular Draugiem social networking site was briefly hacked, and pro-Russian messages posted, though no user data was compromised, according to the company that runs the service. It is now functioning normally again. Responsibility for the attack has yet to be established.
But according to De Facto, a larger and sophisticated cyber-assault was under way at the same time, with government institutions and important internet servers targeted, including the infrastructure of the Central Election Commission, which was conducting the election. However, the attack was unsuccessful and had no impact on the election.
Later in 2018, LTV's De Facto investigative news show reported on November 25 that the IT systems of Latvia's Interior Ministry had been affected by spyware, probably of Russian origin.
The Constitution Protection Bureau (SAB) told the press that Latvia's cyber space has been attacked by the same Russian state hacker group that was involved in the infamous cases of alleged Russian attacks against the international chemical weapons watchdog and the World Anti-Doping Agency.
Even though the virus in Interior Ministry systems was discovered three years ago, officials are slow to confirm that Latvia's systems are safe now. Nevertheless, it is thought that systems with access to important state data were unaffected.
As previously reported, on 21 October 2019, Riga hosted an e-PINE (Enhanced Partnership in Northern Europe) meeting of cyber-experts from the Baltic States, Nordic countries (NB8) and the United States of America, Latvia's Ministry of Foreign Affairs said October 22.
"Malicious and harmful activities engaged in by other countries in cyberspace raise serious concerns; therefore, issues related to cyber security are playing a central role in international security policy," the statement said.
Developments in the countries represented at the meeting were also discussed, with Latvia making a presentation on its new cyber security strategy for 2019-2022.