Cybercriminals Target Russian Troops with Fake Dating Profiles for Espionage

A cyberespionage group named 'SiribClone' has been targeting Russian military personnel since summer 2025. This group uses social engineering tactics, posing as women seeking romantic relationships to compromise soldiers' mobile phones and Telegram accounts. The attackers aim to gather sensitive military intelligence by persuading victims to download malicious applications or enter credentials on phishing sites. The malware, identified as 'SafeLoveStealer,' can steal personal data and provide remote access to infected devices. The campaign was detected in early 2026, with a resurgence in May linked to Victory Day celebrations. Researchers from the Russian cybersecurity firm F6 have documented this threat, highlighting its focus on troops in border regions and combat zones. The group employs various deceptive tactics, including fake humanitarian aid offers and requests for intimate photos.

Key Points: • The cyberespionage group 'SiribClone' targets Russian soldiers using fake dating profiles. • Malware 'SafeLoveStealer' is designed to steal sensitive data and provide remote access. • The campaign has been active since summer 2025, with renewed activity noted in May 2026.