New Phishing Attacks Target Russian Scholars via Fake eLibrary Emails

Recent phishing attacks attributed to the threat actor linked to Operation ForumTroll have emerged, specifically targeting Russian scholars. According to Kaspersky, a well-known Russian cybersecurity vendor, these attacks were detected in October 2025. The modus operandi involves the use of counterfeit eLibrary emails, which aim to deceive recipients into providing sensitive information. This new wave of phishing attacks marks a shift from previous campaigns that primarily focused on organizations, as the current efforts are more directed towards individual scholars within Russia.

Details of the Phishing Attack

The phishing attacks utilize fake emails that mimic legitimate communications from eLibrary services, a common resource for academic materials. The attackers are leveraging the trust associated with these services to lure victims into clicking on malicious links or providing personal data. The emails often contain urgent requests or offers that prompt the recipients to act quickly, a tactic commonly used in phishing schemes to reduce the likelihood of scrutiny. This strategy is particularly effective in academic environments where researchers may be under pressure to access resources or respond to communications swiftly.

The origins of the threat actor behind these phishing attacks remain unknown, but the implications are significant. As these attacks specifically target scholars, they can lead to the compromise of sensitive research data, personal information, and institutional integrity. The shift in focus from organizations to individuals indicates a possible evolution in the tactics employed by cybercriminals, highlighting the need for increased vigilance among users in academia.

Impact on Cybersecurity in Russia

The rise of these phishing attacks underscores the growing cybersecurity threats faced by individuals in Russia. Cybersecurity vulnerabilities can lead to severe consequences, including identity theft, financial loss, and the potential exposure of confidential research. The academic community, which often relies on digital platforms for collaboration and information sharing, may find itself particularly vulnerable to these types of cyberattacks.

As phishing techniques become more sophisticated, the potential risks to users’ privacy and system integrity also escalate. Those who fall victim to these scams may inadvertently compromise not only their own data but also that of their institutions. This creates a ripple effect that can undermine trust in academic communications and resources, which are vital for research and collaboration.

Context

The emergence of these phishing attacks coincides with a broader trend of increasing cyber threats globally. Cybercriminals are continually adapting their strategies to exploit vulnerabilities in digital communication, particularly during times of crisis or uncertainty. In Russia, the academic sector is not the only area at risk; other sectors, including finance and healthcare, have also experienced similar targeted attacks. This highlights the importance of robust cybersecurity measures across all sectors to protect sensitive information and maintain operational integrity.

What to do

To protect against phishing attacks, especially in light of the recent incidents targeting Russian scholars, it is crucial to take proactive measures:

Update all affected software to the latest versions immediately to patch any vulnerabilities.
Enable automatic updates where possible to ensure you receive the latest security enhancements.
Monitor security advisories from affected vendors to stay informed about potential threats.
Use a VPN service to protect your internet traffic. Consider reliable options like ProtonVPN or Surfshark.
Implement additional security measures, such as multi-factor authentication, to add an extra layer of protection against unauthorized access.