A threat group known as TA499, and publicly known as either Vovan or Lexus, are a Russian aligned pair that have been turning to deepfake and advanced social engineering techniques to persuade officials and those with access to sensitive information to engage in video calls as part of a campaign of misinformation instigated by Russian affiliates.
Their campaigns are persistent and aimed at spreading inaccurate information regarding the Ukraine war, with their focus being to target US and European politicians, prominent business figures, and celebrities who have publicly opposed Putin’s incursion into Ukraine.
The group’s ultimate aim is to coax these targets into participating in phone or video calls, during which they can attempt to extract pro-Putin statements that can be used to undermine their previous anti-Russian stances.
The extent of their connections to the Russian government remains unclear. The pair were also responsible for the video call recordings that were released in March 2022 when the pair duped UK defence secretary Ben Wallace into connecting to the call where they attempted to gain information regarding nuclear assistance to Ukraine.
Also in February this year, MP Stewart McDonald of the Scottish National Party was the victim of a spear-phishing attack in which he believes Russian-affiliated threat actors compromised his personal email account, and also that of a staff member.
These campaigns began in earnest in January of 2022 and appeared to ramp up following the invasion of Ukraine, and by March the calls were purporting to be from the Ukraine PM Denys Shmyhal or an “assistant”.
Previous tactics involved targeting officials who have openly supported Putin’s opposition leader Alexei Navalny or his staff officer.
Deep fake or lookalikes have been used on video calls in an attempt to convince callers that they are talking to Navalny’s chief of staff, Leonid Volkov.
Celebrities targeted have reportedly included JK Rowling, Elton John and mayors of European cities such as Warsaw, Budapest, Berlin and Madrid.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to firstname.lastname@example.org. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).