© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Russian cyber-espionage gang targets NATO, NGOs, and think tanks – Microsoft


Seaborgium has mainly targeted NATO countries, particularly the US and the UK, and occasionally attacked Baltic states, Nordic countries, and Eastern Europe.

“Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia and organizations involved in supporting roles for the war in Ukraine,” Microsoft said.

Since the beginning of 2022, the threat actor has been observed targeting over 30 organizations, in addition to personal accounts of people of interest.

“Seaborgium has been observed targeting former intelligence officials, experts in Russian affairs, and Russian citizens abroad,” Microsoft said.

Seaborgium focuses on defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education.

The company claims to have disrupted Seaborgium’s ongoing phishing operations with the help of Google Threat Analysis Group and the Proofpoint Threat Research Team.

Microsoft, tracking the group since 2017, said its campaigns involve persistent phishing and credential theft, leading to intrusions and data theft. Researchers assess that the information stolen during the intrusions likely supports traditional espionage goals and operations.

Seaborgium most likely uses social media platforms such as LinkedIn, personal directories, and general open-source intelligence (OSINT) to conduct reconnaissance on target individuals. The threat actor also uses legitimate email services to impersonate individuals and establish contact with its targets.

After establishing contact with the victim, Seaborgium delivers a malicious link to steal the target’s credentials. The threat actor uses the stolen credentials to sign in to victim email accounts, exfiltrate data, set up persistent data collection, and gain access to people of interest.

“There have been several cases where Seaborgium has been observed using their impersonation accounts to facilitate dialog with specific people of interest and, as a result, were included in conversations, sometimes unwittingly, involving multiple parties,” Microsoft said in a blog post.

Microsoft has also observed Seaborgium’s sporadic involvement in information operations.

“The actors leaked emails/documents from 2018 to 2022, allegedly stolen from consumer Protonmail accounts belonging to high-level proponents of Brexit, to build a narrative that the participants were planning a coup. The narrative was amplified using social media and through specific politically themed media sources that garnered quite a bit of reach.”



Comments

helen, 25 days ago
The eavesdropping that the United States has done is no less than these countries!