{"id":16699,"date":"2023-01-26T13:33:14","date_gmt":"2023-01-26T12:33:14","guid":{"rendered":"https:\/\/www.show.it\/uk-gov-warns-of-phishing-attacks-launched-by-iranian-russian-cyberspies\/"},"modified":"2023-01-26T13:33:14","modified_gmt":"2023-01-26T12:33:14","slug":"uk-gov-warns-of-phishing-attacks-launched-by-iranian-russian-cyberspies","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/uk-gov-warns-of-phishing-attacks-launched-by-iranian-russian-cyberspies\/","title":{"rendered":"UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies"},"content":{"rendered":"

The United Kingdom\u2019s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups.<\/strong><\/p>\n

The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus).\u00a0<\/p>\n

\n
\"Russian<\/figure>\n<\/div>\n

The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and procedures (TTPs) and they target the same types of entities, but there is no evidence that their campaigns are connected or that the two APTs are collaborating.\u00a0<\/p>\n

The goal of these attacks has been to collect information from government organizations, academia, defense firms, NGOs, think tanks, politicians, activists and journalists.<\/p>\n

The general public has not been targeted, but it\u2019s worth pointing out that the Iranian group has also been observed launching what appeared to be financially motivated ransomware attacks<\/a>.<\/p>\n

Seaborgium and TA453\u2019s attacks<\/a> start with a reconnaissance phase that involves using open source intelligence to research their targets. This phase can involve creating fake social media accounts, email accounts impersonating well-known individuals in the target\u2019s field of interest, fake websites, and event invitations. The goal is to gain the victim\u2019s trust.<\/p>\n

The hackers don\u2019t immediately deliver malicious content to the victim and instead take their time to build trust, which increases their chances of success. After trust is established, they deliver a malicious link that leads the victim to a phishing page.<\/p>\n

These phishing pages are designed to harvest credentials that the Russian and Iranian hackers can then use to access the victim\u2019s email accounts, which can store valuable information.\u00a0<\/p>\n

The attackers have also been observed setting up forwarding rules in compromised email accounts in an effort to monitor the victim\u2019s correspondence. In addition, they have used contact lists for further phishing attacks.<\/p>\n

\u201cAlthough spear-phishing is an established technique used by many actors, Seaborgium and TA453 continue to use it successfully and evolve the technique to maintain their success,\u201d the NCSC said in its advisory.\u00a0<\/p>\n

In August 2022, Microsoft said it had caused significant disruption to Seaborgium\u2019s operations<\/a>, cutting off the hackers\u2019 access to accounts used for reconnaissance and phishing.\u00a0<\/p>\n

Related:<\/strong> <\/strong>Iranian Hackers Impersonate British Scholars in Recent Campaign<\/a><\/p>\n

Related: <\/strong>Russian Espionage APT Callisto Focuses on Ukraine War Support Organizations<\/a><\/p>\n

The post UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The United Kingdom\u2019s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups. The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, […]<\/p>\n","protected":false},"author":2,"featured_media":16700,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[28,75,110,17,63,109],"tags":[],"class_list":["post-16699","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberwarfare","category-government","category-iran","category-phishing","category-russia","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16699"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16699\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16700"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}