Hackers using fake Protonmail web domains targeted open source investigative news outlet Bellingcat, according to a new report from cybersecurity company ThreatConnect. According to the report, attackers sent spear phishing emails to Bellingcat’s Christo Grosev, who has co-authored a number of investigations for the group identifying alleged Russian intelligence officers involved in the poisoning of a former GRU officer in Salisbury, England, and an attempted coup in Montenegro. The emails claimed that the user’s account had been compromised and directed the recipient to register a new password at a fake Protonmail website controlled by hackers. ThreatConnect researchers said the attempts bore similarities to previous tactics used by hackers from Russian military intelligence but that there was insufficient evidence to link the campaign directly to Russian actors.