VERY IMPORTANT

One domain targets a Singapore-based investment firm, and another references the Berlin anti-corruption organization Transparency International, which Russia has targeted before. Others are generic or ambiguous in their targeting. But one seized domain, soros-my-sharepoint[.]com, jumps out as a clear reference to Soros, a past GRU target from Russia’s 2016 election interference. An additional four phishing domains registered in the same time frame appear to target Soros Open Society Foundations, said Kyle Ehmke, an intelligence researcher at the Arlington, Virginia-based cybersecurity firm ThreatConnect. Those domains haven’t been seized and ThreatConnect hasn’t found enough evidence to definitively link them to the Russian hackers, said Ehmke.