Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups.

The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus). 

Russian and Iranian phishing

The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and procedures (TTPs) and they target the same types of entities, but there is no evidence that their campaigns are connected or that the two APTs are collaborating. 

The goal of these attacks has been to collect information from government organizations, academia, defense firms, NGOs, think tanks, politicians, activists and journalists.

The general public has not been targeted, but it’s worth pointing out that the Iranian group has also been observed launching what appeared to be financially motivated ransomware attacks.

Seaborgium and TA453’s attacks start with a reconnaissance phase that involves using open source intelligence to research their targets. This phase can involve creating fake social media accounts, email accounts impersonating well-known individuals in the target’s field of interest, fake websites, and event invitations. The goal is to gain the victim’s trust.

The hackers don’t immediately deliver malicious content to the victim and instead take their time to build trust, which increases their chances of success. After trust is established, they deliver a malicious link that leads the victim to a phishing page.

These phishing pages are designed to harvest credentials that the Russian and Iranian hackers can then use to access the victim’s email accounts, which can store valuable information. 

The attackers have also been observed setting up forwarding rules in compromised email accounts in an effort to monitor the victim’s correspondence. In addition, they have used contact lists for further phishing attacks.

Advertisement. Scroll to continue reading.

“Although spear-phishing is an established technique used by many actors, Seaborgium and TA453 continue to use it successfully and evolve the technique to maintain their success,” the NCSC said in its advisory. 

In August 2022, Microsoft said it had caused significant disruption to Seaborgium’s operations, cutting off the hackers’ access to accounts used for reconnaissance and phishing. 

Related: Iranian Hackers Impersonate British Scholars in Recent Campaign

Related: Russian Espionage APT Callisto Focuses on Ukraine War Support Organizations

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...