The Russian-aligned TA499 threat group is aggressively targeting high-profile government officials and CEOs of prominent companies, as well as celebrities in North American and European countries.
TA499 appears to be a two-person operator group known publicly as Vovan and Lexus. It is not known how closely they are linked to the Russian government. However, their operations are sophisticated, complex and do not appear to be financially motivated.
According to the researchers, TA499’s operation begins by contacting its targets by email or phone. Although this activity began before the invasion of Ukraine, “TA499 campaigns began to increase in late January 2022, culminating in increasingly aggressive attempts after Russia invaded Ukraine in late February 2022.”
In one example from mid-2022, the threat actors used an International Atomic Energy Agency-themed domain to send emails, in conjunction with embassy-themed lures. Towards the end of 2022, they posed as Oleksandr Merezhko, a Ukrainian MP and Vice President of the Parliamentary Assembly of the Council of Europe, and as Chief of Staff Leonid Volkov.
The recordings of the phone calls are then released to the public via YouTube and RuTube in an attempt to win public sympathy and support for the Russian regime and its actions. We do not know how long this situation will continue, so we must be careful with what we trust on the Internet.