16 August 2022

Microsoft disrupts Russian espionage hacker group targeting NATO countries and Ukraine



Microsoft said it disrupted a hacking and social engineering operation associated with a cyber espionage group identified as Seaborgium that targets individuals and organizations in NATO countries.

The threat actor, which Microsoft has tracked since 2017, is believed to have ties to the Russian government and is primarily focused on targets in NATO countries, particularly the US and the UK, but occasionally conducts operations targeting countries in the Baltics, the Nordics, and Eastern Europe.

“Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia, and organizations involved in supporting roles for the war in Ukraine. Despite some targeting of these organizations, Microsoft assesses that Ukraine is likely not a primary focus for this actor; however, it is most likely a reactive focus area for the actor and one of many diverse targets,” the tech giant notes.

The group’s targets include defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education institutions.

Seaborgium’s modus operandi involves creating online personas via email and social media accounts, including LinkedIn profiles, which are used in social engineering schemes targeting individuals or organizations of interest. The attackers then attempt to establish contact with the potential victim and, if successful, send the target a phishing email.

Microsoft said the threat actor also abuses OneDrive to host PDF files that contain a link to the malicious URL, which is included in the body of the email. Once it obtains the victim’s credentials, Seaborgium uses them to sign in to the victim’s email account and then either steals emails and attachments or sets up forwarding rules to receive all new emails sent to the compromised account.
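The forwarding-rule step described above is one of the few durable traces this kind of intrusion leaves in a tenant. As an added defender-side example (not from the article or from Microsoft), the script below scans constructed audit records, in a simplified shape modelled on Exchange Online unified audit log entries (Operation, UserId, and Parameters as Name/Value pairs), for inbox rules or mailbox settings that forward mail to an address outside the organization. The record layout and the sample data are assumptions made for this example.

```python
import json

# Rule/mailbox parameters that cause a copy of incoming mail to leave the mailbox.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
# Audit operations that create or change such settings.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

# Constructed sample records (not real log data), one JSON object per line.
SAMPLE_AUDIT_JSONL = """
{"UserId": "analyst@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "Archive"}, {"Name": "ForwardTo", "Value": "collector@example.net"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"UserId": "analyst@example.org", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "Newsletters"}, {"Name": "MoveToFolder", "Value": "Reading"}]}
{"UserId": "admin@example.org", "Operation": "Set-Mailbox", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:shared@example.org"}]}
{"UserId": "analyst@example.org", "Operation": "MailItemsAccessed", "Parameters": []}
"""


def _recipients(value):
    """Split a ';'-separated recipient string and drop any 'smtp:' prefix."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if part.lower().startswith("smtp:"):
            part = part[5:]
        if part:
            out.append(part)
    return out


def find_external_forwarding(records, internal_domains):
    """Return one finding per record that forwards mail outside internal_domains.

    Each finding is a dict with the acting user, the operation, and the
    external recipients found in the forwarding parameters.
    """
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        recipients = []
        for name in sorted(FORWARDING_PARAMS):
            if params.get(name):
                recipients.extend(_recipients(params[name]))
        external = [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in internal]
        if external:
            findings.append({"user": rec.get("UserId"), "operation": rec["Operation"], "external": external})
    return findings


def load_records(jsonl_text):
    """Parse JSON-lines audit text into a list of record dicts."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]
```

Run against a real export, feed the parsed records and your own domain list to `find_external_forwarding`; each finding is a rule to review with the mailbox owner.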

“Based on the specific victimology, documents stolen, conversations fostered, and sustained collection observed, we assess that espionage is likely a key motivation of the actor,” Microsoft noted.
