Rivers of Phish: Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe
ID: fe63ca13-a2ac-5f7f-90c4-1b8e4fd26cbf
STIX ID: report--fe63ca13-a2ac-5f7f-90c4-1b8e4fd26cbf
Feed Name: The Citizen Lab
This Citizen Lab report documents a sophisticated, targeted spear‑phishing campaign (“River of Phish”) attributed to COLDRIVER (linked to the Russian FSB) and a separate actor named COLDWASTREL; attackers use highly personalized email lures and fake “encrypted” PDFs that redirect to credential‑harvesting phishing pages, with multiple IoCs, PDF metadata patterns, and mitigation recommendations provided.
