The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations.
“The attacks are not aimed at the general public but targets in specified sectors, including academia, defence, government organizations, NGOs, think tanks, as well as politicians, journalists, and activists,” the NCSC said.
The agency attributed the intrusions to SEABORGIUM (aka Callisto, COLDRIVER, and TA446) and APT42 (aka ITG18, TA453, and Yellow Garuda). The similarities in the modus operandi aside, there is no evidence the two groups are collaborating with each other.
The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.
The initial contact is designed to appear innocuous in an attempt to gain their trust and can go on for weeks before proceeding to the exploitation phase. This takes the form of malicious links that can lead to credential theft and onward compromise, including data exfiltration.
images from Hacker News