16 August 2022

Microsoft disrupts Russian espionage hacker group targeting NATO countries and Ukraine


Microsoft disrupts Russian espionage hacker group targeting NATO countries and Ukraine

Microsoft said it disrupted a hacking and social engineering operation associated with a cyber espionage group identified as Seaborgium that targets individuals and organizations in NATO countries.

The threat actor, which Microsoft tracks since 2017, is believed to have ties to the Russian government and is primarily focused on targets in NATO countries, particularly the US and the UK, but occasionally conducts operations targeting countries in the Baltics, the Nordics, and Eastern Europe.

“Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia, and organizations involved in supporting roles for the war in Ukraine. Despite some targeting of these organizations, Microsoft assesses that Ukraine is likely not a primary focus for this actor; however, it is most likely a reactive focus area for the actor and one of many diverse targets,” the tech giant notes.

The group’s targets include defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education institutions.

Seaborgium’ s modus operandi involves creating online personas via email, social media accounts and LinkedIn profiles that are used in social engineering schemes targeting individuals or organizations of interest. The attackers then attempt to establish contact with the potential victim and if successful, they would send the target a phishing email.

Microsoft said the threat actor also abuses OneDrive to host PDF files that contain a link to the malicious URL, included in the body of the email. Once obtaining the victim’s credentials Seaborgium uses them to sign in to victim email accounts and then the threat actor either steals emails and attachments or set up forwarding rules to receive all new emails sent to the compromised account.

“Based on the specific victimology, documents stolen, conversations fostered, and sustained collection observed, we assess that espionage is likely a key motivation of the actor,” Microsoft noted.

Back to the list

Latest Posts

FIN7 cybercrime gang offers new EDR bypass tool on dark web

FIN7 cybercrime gang offers new EDR bypass tool on dark web

AvNeutralizer is being advertised for prices ranging between $4,000 and $15,000 on various cybercrime forums.
17 July 2024
Critical Apache HugeGraph vulnerability exploited in the wild

Critical Apache HugeGraph vulnerability exploited in the wild

Users are strongly recommended to upgrade to the fixed version as soon as possible.
17 July 2024
TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

The threat actor has employed the Go-based backdoors Pantegana and SparkRAT for post-exploitation.
17 July 2024