Suspected Russian hackers deployed a new tactic to trick even cautious UK researchers into compromising their own accounts, according to a victim and cybersecurity researchers. Recently, hackers targeted a U.S. State Department employee and then a senior consulting fellow at London's Chatham House, using stolen credentials to gain access to email accounts and correspondence. The hackers' method involved copying emails and login credentials, potentially using AI-generated messaging to bypass traditional skepticism. Despite the hacking, the Russian Foreign Ministry did not respond to inquiries.
{
"category": "Cyber",
"confidence": "High",
"country": "United Kingdom",
"description": "Suspected Russian hackers deployed a new tactic to trick even cautious UK researchers into compromising their own accounts, according to a victim and cybersecurity researchers. Recently, hackers targeted a U.S. State Department employee and then a senior consulting fellow at London's Chatham House, using stolen credentials to gain access to email accounts and correspondences. The hackers' method involved copying emails and login credentials, potentially using AI-generated messaging to bypass traditional skepticism. Despite the hacking, the Russian Foreign Ministry did not respond to inquiries.",
"event_time_utc": "2025-06-18T17:06:59Z",
"evidence": [
"Suspected Russian hackers have deployed a new tactic to trick even wary targets into compromising their own accounts, a victim of the spy campaign and researchers said on Wednesday.",
"Last month hackers impersonating a U.S. State Department employee who said her name was Claudia Weber tricked British researcher Keir Giles in a meeting she said required the use of a secure government programme, according to emails reviewed by Reuters.",
"Giles, a senior consulting fellow of the Russia and Eurasia programme at London's Chatham House, has been targeted by hackers and spies previously and said he is typically on his guard about unsolicited political offers.",
"Giles eventually provided Weber with an app-specific password, a kind of credential which can be used to help third-party applications access email accounts but can also be abused to bypass password protections.",
"Alphabet's Google attributed the hack to the Russian government, based on unusual activity it had seen previously.",
"The Russian Foreign Ministry did not immediately return messages seeking comment about Google's findings.",
"Giles said there had been 'an impressive amount of effort to make this a seamless operation.'",
"Although it would not be possible to say for sure whether the hackers used large language models — typically enabled artificial intelligence — to help draft messages, the fluency of the exchange suggests the hackers may be using such programmes, marking an upgrade from the typo-ridden, poor-motivating messages often associated with 'smash-and-grab phishing', said John Scott-Railton, a researcher at the University of Toronto-based Citizen Lab, which investigated Giles' hack."
],
"media_assets": [
{
"description": "Screenshot capture",
"type": "screenshot",
"url": "/media/event_1047_1764372758_dbc3b3a0.jpg"
}
],
"schema_version": "v1",
"screenshot_count": 1.0,
"url": "https://www.reuters.com/technology/suspected-russian-hackers-used-new-tactic-against-uk-researcher-2025-06-18"
}