
UK NCSC warns of spear-phishing attacks from Russia and Iran - Security Affairs

by admin
January 26, 2023


The U.K. National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors.

The U.K. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The attackers are increasingly targeting organizations and individuals.

The UK agency reported ongoing spear-phishing campaigns carried out by Russia-based group SEABORGIUM and Iran-based group TA453 to gather intelligence on the victims.

SEABORGIUM has been active since at least 2017. Its campaigns involve persistent phishing and credential theft leading to intrusions and data theft. The APT primarily targets NATO countries, but experts have also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine.

The SEABORGIUM group primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education.

The group also targets former intelligence officials, experts in Russian affairs, and Russian citizens abroad.

SEABORGIUM’s campaigns begin with reconnaissance of target individuals, with a focus on identifying their contacts on social networks or within their sphere of influence.

TA453 is a nation-state actor that overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42.

Throughout 2022, the sectors targeted by both groups included academia, defence, governmental organisations, NGOs, and think-tanks, as well as politicians, journalists and activists.

The NCSC shared technical details about the TTPs (tactics, techniques, and procedures) used by the attackers and also provided recommendations to mitigate the threat.

“Using open-source resources to conduct reconnaissance, including social media and professional networking platforms, SEABORGIUM and TA453 identify hooks to engage their target. They take the time to research their interests and identify their real-world social or professional contacts. [T1589; T1593].” reads the alert published by the UK agency.

The group also used fake social media or networking profiles that impersonate respected experts, and used supposed conference or event invitations as lures. In some attacks, the threat actors also used false approaches from journalists.

The two APT groups use webmail addresses from different providers (including Outlook, Gmail, and Yahoo), and impersonate known contacts of the target or prominent names in the target’s field of interest or sector.

The attackers have also created malicious domains resembling legitimate organisations.
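A defender can check inbound mail for both patterns described above: a known contact's name arriving from a webmail address, and a sender domain that resembles a trusted one. The following is an added example, not code from the NCSC advisory or this article; the contact list, sample headers, similarity threshold and function names are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed contact list (display name -> real address); not from the advisory.
KNOWN_CONTACTS = {
    "jane doe": "jane.doe@example-institute.org",
    "sam patel": "s.patel@example-university.ac.uk",
}
TRUSTED_DOMAINS = {a.rpartition("@")[2] for a in KNOWN_CONTACTS.values()}
# Consumer mail domains of the providers named in the article.
WEBMAIL_DOMAINS = {"outlook.com", "gmail.com", "yahoo.com"}
LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off; tune against your own mail flow


def is_lookalike(domain):
    """True if domain is close to, but not identical to, a trusted domain."""
    if domain in TRUSTED_DOMAINS:
        return False
    return any(
        SequenceMatcher(None, domain, trusted).ratio() >= LOOKALIKE_THRESHOLD
        for trusted in TRUSTED_DOMAINS
    )


def classify_sender(from_header):
    """Classify a From: header against the known-contact list."""
    display, address = parseaddr(from_header)
    name = " ".join(display.lower().split())  # normalise case and spacing
    address = address.lower()
    domain = address.rpartition("@")[2]
    expected = KNOWN_CONTACTS.get(name)
    if expected is not None and address == expected:
        return "ok"
    if is_lookalike(domain):
        return "lookalike-domain"
    if expected is not None and domain in WEBMAIL_DOMAINS:
        return "known-name-webmail"
    if expected is not None:
        return "known-name-new-address"
    return "no-match"


if __name__ == "__main__":
    # Constructed sample headers, one per outcome of interest.
    for header in (
        "Jane Doe <jane.doe@example-institute.org>",
        "Jane Doe <jane.doe.institute@gmail.com>",
        '"Sam Patel" <s.patel@examp1e-institute.org>',
        "Random Person <someone@unrelated.net>",
    ):
        print(f"{classify_sender(header):24} {header}")
```

Anything other than `ok` or `no-match` is a prompt to verify the sender through a separate channel, not proof of phishing, since real contacts do sometimes write from personal accounts.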

In August, the Microsoft Threat Intelligence Center (MSTIC) announced it had disrupted activity by SEABORGIUM (aka ColdRiver, TA446), but recent events demonstrate that the group has resumed its operations.

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: https://t.co/nVoF8GxrFQ

— Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022

Below are the recommendations provided by the agency in the advisory:

  • Use strong and separate passwords for your email account
  • Turn on multi-factor authentication (also known as 2-step verification, or 2SV) 
  • Protect your devices and networks by keeping them up to date
  • Exercise vigilance
  • Enable your email providers’ automated email scanning features
  • Disable mail-forwarding


Pierluigi Paganini

(SecurityAffairs – hacking, APT)
