Full Report
Reporters Without Borders (RSF) said on Monday that a group linked to Russia’s security services (FSB) was responsible for a failed cyber attack on the organization earlier this year. In a statement, the French nongovernmental organization – which works to protect journalists and media freedom – said that this finding was the result of a months-long…
Analysis Summary
# Threat Actor: FSB-Linked Group (Unspecified Name)
## Attribution & Identity
* **Identification:** A cyber threat group explicitly linked to Russia’s security services (FSB).
* **Known Aliases and Associated Groups:** None explicitly mentioned in the provided text, though the attribution links them directly to the FSB.
## Activity Summary
* **Recent Campaigns and Operations:** Responsible for a **failed cyber attack** against Reporters Without Borders (RSF) detected in the spring of 2025.
* **Historical Activities:** RSF states it is "regularly targeted by digital operations against its IT systems and its reputation" due to its advocacy work concerning press freedom in Russia.
## Tactics, Techniques & Procedures
* **Specific TTPs Mentioned:** The actor conducted a targeted **cyber attack** against the organization's IT systems.
* **MITRE ATT&CK IDs:** Not specified in the text.
## Targeting
* **Sectors:** Non-Governmental Organization (NGO); specifically organizations focused on media freedom and press defense.
* **Geography:** The victim, Reporters Without Borders (RSF), is a French NGO. The context implies targeting related to RSF's work *in Russia*.
* **Victims:** Reporters Without Borders (RSF).
## Tools & Infrastructure
* **Malware Families Used:** Not specified in the text.
* **Infrastructure (C2, domains, IPs):** Not specified in the text. The investigation utilized technical support from the French cybersecurity company Sekoia.
## Implications
This incident highlights the continued prioritization by Russian intelligence services to target and disrupt organizations—especially NGOs—that actively monitor or report on media freedom and information integrity within or concerning Russia. The attack was specifically motivated by the victim's advocacy work.
## Mitigations
* **Defense Recommendations Specific to this Actor:**
* Enhanced monitoring of IT systems, particularly following public reporting or operational periods concerning Russia.
* Strengthening security against advanced persistent threats (APTs) known to be associated with Russian state actors (FSB-linked intrusions).
* Continuous investigation and analysis (as demonstrated by RSF's months-long technical investigation) to attribute and understand ongoing threat campaigns.