The Cyber Security News

British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries

January 27, 2023

The U.K. National Cyber Security Centre (NCSC) on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering purposes.

“The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists,” the NCSC said.

The agency attributed the intrusions to SEABORGIUM (aka Callisto, COLDRIVER, and TA446) and APT42 (aka ITG18, TA453, and Yellow Garuda). Similarities in the modus operandi aside, there is no evidence the two groups are collaborating with each other.

The activity is typical of spear-phishing campaigns, in which the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.

The initial contact is designed to appear innocuous in an attempt to gain their trust and can go on for months before proceeding to the exploitation phase. This takes the form of malicious links that can lead to credential theft and onward compromise, including data exfiltration.

To maintain the ruse, the adversarial crews are said to have created bogus profiles on social media platforms to impersonate field experts and journalists to trick victims into opening the links.

The Russian state-sponsored SEABORGIUM group has a history of setting up fake login pages mimicking legitimate defense companies and nuclear research labs to pull off its credential harvesting attacks.

APT42, which operates as the espionage arm of Iran’s Islamic Revolutionary Guard Corps (IRGC), is said to share overlaps with PHOSPHORUS and is part of a larger group tracked as Charming Kitten.

The threat actor, like SEABORGIUM, is known to masquerade as journalists, research institutes, and think tanks to engage with its targets using an ever-changing arsenal of tools and tactics to accommodate IRGC’s evolving priorities.

Enterprise security company Proofpoint, in December 2022, disclosed the group’s “use of compromised accounts, malware, and confrontational lures to go after targets with a variety of backgrounds from medical researchers to realtors to travel companies,” calling it a deviation from the “expected phishing activity.”

The stolen credentials are then used to log in to targets’ email accounts and access sensitive information, in addition to setting up mail-forwarding rules to maintain continued visibility into victim correspondence.

Also, a noteworthy aspect of these campaigns is the use of targets’ personal email addresses, likely as a means to circumvent security controls put in place on corporate networks.

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” Paul Chichester, NCSC director of operations, said.

Some parts of this report are sourced from:
thehackernews.com
