A Russian state-sponsored spear phishing campaign, dubbed “River of Phish,” has been targeting Western and Russian civil society figures, including NGOs, independent media, and high-profile diplomats such as former U.S. Ambassador to Ukraine Steven Pifer. The campaign, believed to be orchestrated by the Coldriver group linked to the Russian Federal Security Service, employs sophisticated social engineering tactics to compromise online accounts. Citizen Lab, which exposed the campaign, warns that the actual scope of targeted individuals and organizations is likely broader, potentially including U.S. government personnel, raising concerns over further compromises within government systems.