Iranian and Russian hackers use spear-phishing to target UK politicians


Iranian and Russian hacking groups are utilizing spear-phishing campaigns against British politicians, journalists, and activists, the UK National Cyber Security Centre (NCSC) warned.

The cyber war is in full swing, with nation-states deploying both physical and digital troops to advance their interests. The UK has issued a new advisory, warning about the Russia-based SEABORGIUM (Callisto Group/TA446/COLDRIVER/TAG-53) and Iran-based TA453 (APT42/Charming Kitten/Yellow Garuda/ITG18) actors who target British persons of interest for espionage purposes.

“Throughout 2022, SEABORGIUM and TA453 targeted sectors included academia, defense, governmental organizations, NGOs, think-tanks, as well as politicians, journalists, and activists,” the advisory details.

Both groups rely on spear-phishing, using information known to be of interest to their victims in order to gain trust. The threat actors use social media and open-source resources to conduct preliminary checks.

Additionally, both SEABORGIUM and TA453 have been observed to set up fake pages to impersonate respected experts, as well as send invites to conferences or pitches from journalists.

Using the gathered information, threat actors would build up trust with their targets, usually maintaining prolonged contact over time via personal or business email.

Having built rapport, malicious hackers would share a link – disguised as a document, website, or even a Zoom invite – to convince the target to share their account credentials.

According to researchers, SEABORGIUM and TA453 then use the compromised details to steal emails and attachments from the victim’s inbox; set up mail-forwarding rules to control correspondence; and access mailing-list data and the victim’s contact lists for further targeting.
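Mail-forwarding rules of the kind described above can be audited for by the mailbox owner's organization. The following Python is an added example, not part of the NCSC advisory or the original article: it flags forwarding or redirect rules whose targets fall outside the organization's own domains. The rule schema, field names, mailboxes and domains are constructed assumptions, not a real mail platform's export format.

```python
from email.utils import parseaddr

# Hypothetical rule schema (an assumption, not a real mail platform's export format).
FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}

def domain_of(address):
    """Return the lower-cased domain of an address, or None if it cannot be parsed."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return None
    domain = addr.rsplit("@", 1)[1].strip().lower().rstrip(".")
    return domain or None

def is_internal(domain, internal_domains):
    """True for an owned domain or a subdomain of one; lookalike suffixes do not match."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def external_forwarding_rules(rules, internal_domains):
    """Return (mailbox, rule name, target, reason) for each rule target that leaves the org."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        if rule["action"].lower() not in FORWARDING_ACTIONS:
            continue  # e.g. "move to folder" rules send nothing outside the mailbox
        for target in rule["targets"]:
            domain = domain_of(target)
            if domain is None:
                findings.append((rule["mailbox"], rule["name"], target, "unparseable target"))
            elif not is_internal(domain, internal):
                findings.append((rule["mailbox"], rule["name"], target, "external domain"))
    return findings

# Constructed sample data: all mailboxes, rule names and domains are invented.
INTERNAL_DOMAINS = ["parliament.example", "newsdesk.example"]
SAMPLE_RULES = [
    {"mailbox": "mp.office@parliament.example", "name": "Move newsletters",
     "action": "move", "targets": ["Newsletters"]},
    {"mailbox": "mp.office@parliament.example", "name": "team copy",
     "action": "forward", "targets": ["Staff <staff@mail.Parliament.example>"]},
    {"mailbox": "mp.office@parliament.example", "name": ".",
     "action": "redirect", "targets": ["archive@parliament.example.mailbox-sync.test"]},
    {"mailbox": "editor@newsdesk.example", "name": "backup",
     "action": "forward", "targets": ["editor.backup@webmail.test", "it@newsdesk.example"]},
]

if __name__ == "__main__":
    for finding in external_forwarding_rules(SAMPLE_RULES, INTERNAL_DOMAINS):
        print(finding)
```

The third constructed rule shows why a suffix comparison must be anchored on a dot: its target begins with an internal domain name but actually belongs to a different domain.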

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” Paul Chichester, NCSC Director of Operations, said. “We strongly encourage organizations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

Iran and Russia have been linked as allies during the war in Ukraine, in which Iran is believed to be aiding the Kremlin's regime with attack drones.