What did British politicians get wrong this time?
Cyber warfare is in full swing, and every state with the resources to do so recruits digital troops to advance its interests. The UK has issued a new security advisory warning of the activities of the Russian group SEABORGIUM (aka Callisto Group, TA446, COLDRIVER, TAG-53) and the Iranian group TA453 (aka APT42, Charming Kitten, Yellow Garuda, ITG18).
According to the UK's National Cyber Security Centre (NCSC), both groups are actively engaged in digital stalking of UK individuals of interest for espionage purposes.
“Throughout 2022, SEABORGIUM and TA453 have targeted academia, defense, government and non-government organizations and think tanks, as well as specific politicians, journalists and activists,” write NCSC representatives.
Both groups rely on spear-phishing. They "lure" their victims with information that is of interest to them, and to learn what those interests are, the attackers spend a long time studying the targets' social networks and other publicly available information. SEABORGIUM and TA453 have also been observed creating fake pages, impersonating respected experts, and sending out invitations to conferences or to speak with journalists.
As a rule, the attackers gain their targets' trust without much difficulty. First, they maintain long-term contact with the victim via a personal or business email account. Once a trust relationship has been established, they send the victim a link to a phishing page disguised as a real website, a cloud storage document, or even a Zoom invitation. That is how the target ends up handing its credentials to the hackers.
According to the researchers, the groups use the stolen credentials to take emails and attachments from the mailbox, set up mail forwarding rules so they can monitor correspondence, and harvest the victim's mailing lists and contacts for further targeting. All of this happens without the victim noticing, so it is often very hard to tell that personal or work mail is being forwarded to an address controlled by the attacker.
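The mail-forwarding step described above is one a defender can audit. What follows is an added example, not code from the NCSC advisory: it reviews mailbox rules and flags those that copy mail to addresses outside the organisation, and additionally those that hide the copied messages from the owner. The rule fields, the `INTERNAL_DOMAINS` set and the sample rules are constructed assumptions, not any vendor's schema or real data.

```python
from dataclasses import dataclass, field

# Constructed: the organisation's own mail domains; anything else counts as external.
INTERNAL_DOMAINS = {"example.org"}


@dataclass
class InboxRule:
    """One mailbox rule as a rule-audit export might describe it (field names assumed)."""
    mailbox: str
    name: str
    forward_to: list = field(default_factory=list)
    redirect_to: list = field(default_factory=list)
    delete_message: bool = False
    mark_as_read: bool = False


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def assess_rule(rule: InboxRule, internal=INTERNAL_DOMAINS) -> list:
    """Return human-readable findings; an empty list means the rule looks benign."""
    findings = []
    targets = rule.forward_to + rule.redirect_to
    external = [t for t in targets if _domain(t) not in internal]
    if external:
        findings.append("copies mail to external address(es): " + ", ".join(external))
        # Deleting or marking messages read keeps the owner from seeing what was intercepted.
        if rule.delete_message or rule.mark_as_read:
            findings.append("hides forwarded messages from the mailbox owner")
    return findings


def triage(rules) -> dict:
    """Map 'mailbox/rule name' to its findings for every rule that raised one."""
    out = {}
    for r in rules:
        fs = assess_rule(r)
        if fs:
            out[f"{r.mailbox}/{r.name}"] = fs
    return out


# Constructed sample rules (not real data): one benign internal forward, one
# external redirect that also deletes the original, one internal forward with delete.
SAMPLE_RULES = [
    InboxRule("alice@example.org", "Backup", forward_to=["alice.smith@example.org"]),
    InboxRule("bob@example.org", ".", redirect_to=["archive-bob@mail-example.test"],
              delete_message=True),
    InboxRule("carol@example.org", "Invoices", forward_to=["finance@example.org"],
              delete_message=True),
]

if __name__ == "__main__":
    for key, findings in triage(SAMPLE_RULES).items():
        print(key, "->", "; ".join(findings))
```

Only the rule on bob's mailbox is reported, with two findings; internal forwards are left alone even when they delete the original.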
“These campaigns by attackers based in Russia and Iran continue to relentlessly pursue their goals in an attempt to steal online credentials and compromise potentially sensitive systems,” said Paul Chichester, NCSC COO. “We strongly encourage organizations and individuals to remain vigilant about potential approaches and follow the mitigation recommendations to protect themselves online,” he added.