The NCSC-U.K has issued a warning to organizations regarding ongoing spear-phishing attacks by Russian and Iranian threat actors. The advisory details the tactics and techniques being employed by the Russia-based SEABORGIUM and Iran-based TA453 groups, which have targeted specific sectors and individuals in the political sphere, such as academia, defense, government organizations, NGOs, think-tanks, politicians, journalists, and activists throughout 2022.
Diving into details
Both SEABORGIUM and TA453 targeted specific sectors and individuals in the aforementioned areas via email addresses at different providers, such as Outlook, Gmail, and Yahoo.
They impersonate known contacts of the target or eminent names in the target’s field of interest or sector.
Both groups create malicious domains resembling those of legitimate organizations to appear authentic.
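A mail-triage check for the two impersonation patterns listed above, added here as an illustration and not taken from the NCSC advisory: it flags a known contact's display name arriving from a webmail or unfamiliar address, and sender domains that closely resemble a trusted one. The contact list, domains, finding labels and the edit-distance threshold of 2 are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: all names, addresses and domains are placeholders.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example-institute.org"}
TRUSTED_DOMAINS = {"example-institute.org"}
WEBMAIL_DOMAINS = {"outlook.com", "gmail.com", "yahoo.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(domain: str) -> str:
    """Fold common visual substitutions (0->o, 1->l, rn->m) before comparing."""
    return domain.lower().translate(str.maketrans("01", "ol")).replace("rn", "m")

def check_sender(from_header: str) -> list[str]:
    """Return findings for one From: header; an empty list means nothing flagged."""
    name, address = parseaddr(from_header)
    name, address = " ".join(name.lower().split()), address.lower()
    domain = address.rpartition("@")[2]
    findings = []
    known = KNOWN_CONTACTS.get(name)
    if known and address != known:
        # Display name matches a known contact, but the address is not theirs.
        if domain in WEBMAIL_DOMAINS:
            findings.append("contact-name-on-webmail")
        elif domain not in TRUSTED_DOMAINS:
            findings.append("contact-name-on-unknown-domain")
    for trusted in sorted(TRUSTED_DOMAINS):
        # Assumed threshold: up to 2 edits from a trusted domain counts as a lookalike.
        if domain != trusted and domain not in WEBMAIL_DOMAINS and (
            fold(domain) == fold(trusted) or edit_distance(domain, trusted) <= 2
        ):
            findings.append(f"lookalike-domain:{trusted}")
    return findings

if __name__ == "__main__":
    for header in (
        '"Jane Doe" <jane.doe@example-institute.org>',
        "Jane Doe <jane.doe.institute@gmail.com>",
        "Jane Doe <jane.doe@examp1e-institute.org>",
        "Press Office <press@example-institutes.org>",
    ):
        print(header, "->", check_sender(header) or "ok")
```

A finding is a prompt for out-of-band verification with the real contact, not proof of compromise; people do legitimately write from personal accounts.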
Why this matters
SEABORGIUM and TA453 spend time researching their targets' interests and contacts to create a convincing approach that they believe will interest their targets.
This initial contact may lead to extended correspondence as the attacker works to build trust and rapport with the target.
The threat actors primarily send spear-phishing emails to targets' personal email addresses. However, they also use targets' corporate or business email addresses.
They may use personal emails to bypass security controls on corporate networks.
The bottom line
Spear-phishing is a common technique used by many actors, but SEABORGIUM and TA453 continue to use it effectively and adapt the technique to maintain their success. Individuals and organizations from the targeted sectors should be aware of the techniques used by these groups. The NCSC-U.K recommends reporting activity consistent with the techniques described.