Russian group behind video calls and email compromise

A threat group known as TA499, and publicly known as either Vovan or Lexus, is a Russian-aligned pair that has been turning to deepfakes and advanced social engineering techniques to persuade officials and others with access to sensitive information to engage in video calls, as part of a misinformation campaign instigated by Russian affiliates.

Their campaigns are persistent and aimed at spreading inaccurate information regarding the Ukraine war, focusing on US and European politicians, prominent business figures, and celebrities who have publicly opposed Putin’s incursion into Ukraine.

The group’s ultimate aim is to coax these targets into participating in phone or video calls, during which they can attempt to extract pro-Putin statements that can be used to undermine their previous anti-Russian stances.

The extent of their connections to the Russian government remains unclear. The pair were also responsible for the video call recordings that were released in March 2022, when they duped UK defence secretary Ben Wallace into joining a call on which they attempted to gain information regarding nuclear assistance to Ukraine.

Also in February this year, MP Stewart McDonald of the Scottish National Party was the victim of a spear-phishing attack in which he believes Russian-affiliated threat actors compromised his personal email account and that of a staff member.

These campaigns began in earnest in January 2022 and appeared to ramp up following the invasion of Ukraine. By March, the calls were purporting to be from the Ukrainian PM Denys Shmyhal or an “assistant”.

Previous tactics involved targeting officials who had openly supported Russian opposition leader Alexei Navalny or his staff officer.

Deepfakes or lookalikes have been used on video calls in an attempt to convince callers that they are talking to Navalny’s chief of staff, Leonid Volkov.

Celebrities targeted have reportedly included JK Rowling, Elton John and mayors of European cities such as Warsaw, Budapest, Berlin and Madrid.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.