Russian state-sponsored threat group Coldriver has been suspected by the Free Russia Foundation of being behind the intrusion, which involved the targeting of several entities to exfiltrate internal documents, grant reports, and other correspondences in retaliation against pro-democracy Russians. Over 13 GB of electronic documents and more than 2,500 email chains, including strategic planning files, accounting, and management data were claimed by threat actors to have been exfiltrated from the nonprofit, with the legitimacy of the exposed files confirmed by unnamed former employees.

Source: SC Magazine