Reporters Without Borders (RSF) has determined that a phishing operation targeting the organization in early 2025 was carried out by a group associated with Russia’s Federal Security Service (FSB). The RSF cyberattack conclusion follows a months-long technical investigation conducted with the support of French cybersecurity firm Sekoia.
According to RSF, the attempted RSF cyberattack was first identified in March 2025 when an employee received a message written in French that appeared to come from a trusted contact. The email requested the recipient to open an attachment that was, in fact, missing, an established phishing technique designed to prompt a reply, allowing attackers to later send infected documents or malicious links.
The Failed RSF Cyberattack
When the response from the supposed sender arrived in English instead of French, the inconsistency raised immediate suspicion. The employee reported the exchange to RSF’s cybersecurity team, preventing the RSF cyberattack from progressing.
RSF then sought Sekoia’s assistance to conduct a deeper inquiry. The company later published a detailed account attributing the attack to the group known as Callisto or Calisto, also identified as UNC4057, Star Blizzard, or ColdRiver. Intelligence agencies in the United States, the United Kingdom, New Zealand, and Australia have connected this group to the FSB.
Sekoia describes Callisto as an advanced persistent threat capable of maintaining hidden, long-term access to targeted information systems.
Kremlin Pressure and Designation as an “Undesirable Organization”
In its statement, Reporters Without Borders noted that the organization frequently faces digital interference from Russian state services and pro-Kremlin actors. RSF has long been involved in defending press freedom in Russia and supporting journalists fleeing the country, making it a recurring target of Russian-linked operations.
RSF Director of Advocacy and Assistance Antoine Bernard said the March attack was not accidental. “RSF, which defends global press freedom and actively assists Russian journalists fleeing their country, is a regular target of the Kremlin and the constellation surrounding Vladimir Putin’s regime,” he stated.
Bernard added that this incident was one of multiple politically motivated operations directed at the organization in recent months. In August 2025, Russian authorities escalated their pressure by officially declaring RSF an “undesirable organization,” exposing anyone connected to it to prison sentences of up to four years under Russian law.
RSF Chief Information Security Officer Nicolas Diaz emphasized ongoing cybersecurity challenges. “In the face of cyberthreats, RSF benefits from cutting-edge technical solutions as well as external expertise capable of detecting and characterizing the cyberoperations that target us,” he explained. Diaz highlighted the need to strengthen cyber defense capabilities and ensure users recognize the subtle warning signs that often precede an attempted intrusion we saw in the RSF cyberattack.
Disinformation Campaigns and Broader Press Freedom Concerns
RSF reported that the phishing operation fits into a larger pattern of attempts to undermine its work. In March 2025, the NGO denounced a disinformation campaign that used doctored videos falsely claiming to show statements by RSF leadership.
A year earlier, in 2024, RSF filed a complaint against platform X (previously Twitter) after repeated posts containing disinformation against the organization remained unaddressed.
Among the most notable examples was a fabricated BBC-style video alleging that RSF had produced a study accusing Ukrainian soldiers of harboring Nazi sympathies. This false content was later circulated by Russian authorities and amplified by pro-Kremlin influencers.
The organization released its annual press freedom report, stating that Russia currently detains more foreign journalists than any other country. RSF also co-led an investigation into the final weeks of Ukrainian freelance journalist Viktoria Roshchyna, 27, who died in Russian captivity in 2024. According to the report, only Israel and organized crime groups were responsible for more journalist deaths worldwide in 2025.
