Tag: Phishing

Case Study — UNC1151 Gmail Phishing (“Suspicious account activity”) Targeting Belarusian Pro-Democracy Politician, May 2026

On 29 May 2026, an individual involved in the Belarusian democratic movement received an email in Russian pretending to be from Google. It claimed the account showed “suspicious activity” and would be deleted within 24 hours unless it was “verified.” The target recognized the message as suspicious and shared a sample with RESIDENT.NGO ThreatLab. We…

June 5, 2026
Technical Writeup: Signal Account Takeovers Phishing Campaign Targets Exiled Belarusian Activists 2025

This writeup details a targeted Signal Account Takeover (ATO) Phishing Campaign identified by RESIDENT.NGO. The campaign utilizes spear phishing conducted in Polish or English via Signal Messenger and targets Belarus-related public figures and media workers residing outside of Belarus. The goal is to trick users into surrendering their 6-digit SMS Signal registration verification code, leading…

October 6, 2025

Case Study — UNC1151 Gmail Phishing (“Suspicious account activity”) Targeting Belarusian Pro-Democracy Politician, May 2026