2023-02-01

Increased Levels of Cyber Threat from Russia and Iran

Level: 
Strategic
  |  Source: 
NCSC
Defense
Education
Government
Non-Governmental Organization
Think Tanks
Share:

Increased Levels of Cyber Threat from Russia and Iran

Category: Threat Actor Activity | Industries: Defense, Education, Government, Non-Government Organizations (NGOs), Think Tanks | Level: Strategic | Source: NCSC

The U.K. National Cyber Security Centre (NCSC) warns of increased cyber activity particularly spear-phishing campaigns, from Russian state-sponsored group SEABORGIUM (aka Callisto Group/, COLDRIVER, TA446, TAG-53), and Iran-based APT42 (Charming Kitten, ITG18, TA453, Yellow Garuda), to collect data from individuals and organizations. Campaigns in 2022, showed the threat groups targeting verticals in defense, education, government, non-government organizations (NGOs), and think tanks. Additionally, individuals associated with politics, journalism, and activism were also targeted. Using open-source research, SEABORGIUM and APT42 actors' profile and create social media personas of individuals or entities to lure engagement from their target. As observed from NCSC, the groups created "fake social media or networking profiles that impersonate respected experts, and used supposed conference or event invitations, as well as false approaches from journalists."

Conversations initated by the group are well-constructed on themes and topics to draw the target's interest and build trust. Weblinks are crafted using legitimate file-sharing services such as OneDrive or GoogleDrive. In a few instances, the threat actors can distribute fake Zoom links or during a Zoom call, provide a malicious link in the chat message of the Zoom call. Email credentials are highlighted as the major objective for the groups to set up auto-forward rules to exfiltrate communication data and to leverage the compromised account for other attacks.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now