Microsoft says it will stop Russian cyber attacks on NATO targets – ICT News

The tech giant blocked a campaign aimed at organizations and individuals in NATO countries through hacking and social engineering. The campaign is linked to a Russian group called Seaborgium.

The Seaborgium group, which Google tracks under the name ColdRiver and the security firm Proofpoint under the designation TA446, mainly targets NATO countries and is considered a Russian-sponsored organization. It has also run cyber campaigns in Scandinavia and in Eastern European countries such as Ukraine. The attackers attempt to steal sensitive emails from organizations or individuals that may be of interest to Russia.

‘Within these target countries, Seaborgium mainly attacks defense firms and organizations providing intelligence advice, but also NGOs, think tanks and institutions of higher education’, reveals the Microsoft Threat Intelligence Center in a statement posted on its blog. The group reportedly attacks, among others, experts in Russian politics and Russian citizens residing abroad.

Phishing

According to Microsoft, Seaborgium achieves this with several classic phishing techniques, such as creating fake social media profiles that are then used to contact individuals or organizations. At some point, the group sends them PDFs that direct them, via an error message, to a phishing site, where an attempt is made to steal their login credentials or authentication cookies.

The end goal seems to be gaining access to the victim’s email account, where emails are then stolen and/or the attackers set up a rule so that all emails are automatically forwarded to them as well. In the past, the group is said to have stolen documents from British political parties and activists.
