Microsoft recently revealed details about SEABORGIUM, a suspected Russia-based cybercriminal group that has run cyberespionage campaigns against NATO countries since 2017. These attacks mostly targeted government bodies, intelligence organisations, and law enforcement agencies.
The advisory also described how the company disrupted SEABORGIUM's campaigns, which had been highly active since the beginning of 2022, with at least 30 organisations targeted in addition to the personal accounts of individuals of interest.
SEABORGIUM has previously conducted phishing attacks against defence officials, politicians, journalists, and NGOs. Microsoft has also linked the group to an operation in May 2021 in which it broke into a UK-based political organisation and stole confidential documents.
Aside from the NATO countries, SEABORGIUM has also targeted countries in the Nordics, the Baltics, and Eastern Europe.
According to Microsoft, the group performs extensive reconnaissance of its targets before attempting to break in, including creating social media accounts to map out the targets' professional circles.
The group also created fraudulent LinkedIn profiles to gather information on employees of the targeted organisations. Once this reconnaissance is complete, the operators send phishing emails to the targets, opening with friendly pleasantries to win the target's trust.
Typically the victim replies, and the group then sends a follow-up email that carries a malicious attachment or a link to a phishing website. Most of these cases involve the phishing framework EvilGinx, which lets the operators stand up a site that imitates a legitimate service's sign-in page in order to collect the victim's account credentials.
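As an added illustration (not code from Microsoft's advisory or from this article), the check below flags links in a lure email whose host is not one of the impersonated brand's real sign-in hosts, the pattern a credential-harvesting sign-in page relies on. The brand name, allowlisted hosts and email text are all constructed.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of legitimate sign-in hosts per brand keyword.
# "examplemail" is a hypothetical brand, not one named in the advisory.
SIGNIN_HOSTS = {
    "examplemail": {"examplemail.com", "login.examplemail.com"},
}

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

def extract_urls(text: str) -> list[str]:
    """Pull every http(s) URL out of a plain-text email body."""
    return URL_RE.findall(text)

def classify_link(url: str, brand: str) -> str:
    """Return 'legitimate', 'lookalike' or 'off-brand' for a link in an
    email that claims to come from `brand`. Only an exact host match
    against the allowlist counts as legitimate."""
    host = (urlparse(url).hostname or "").lower()
    if host in SIGNIN_HOSTS.get(brand, set()):
        return "legitimate"
    # The brand name inside a non-allowlisted host (extra label, hyphenated
    # word, different TLD) is the classic imitation sign-in page pattern.
    if brand in host.replace("-", "").replace(".", ""):
        return "lookalike"
    return "off-brand"

def suspicious_links(email_body: str, brand: str) -> list[tuple[str, str]]:
    """Every link in the body that does not resolve to the brand's real sign-in hosts."""
    return [(u, v) for u in extract_urls(email_body)
            if (v := classify_link(u, brand)) != "legitimate"]

# Constructed follow-up lure in an already friendly thread, with one
# impersonation link and one genuine link to the brand's sign-in host.
SAMPLE_EMAIL = """Thanks again for your quick reply. The draft is in the shared folder:
https://examplemail-secure-login.net/signin?next=draft.pdf
Your usual login https://login.examplemail.com/ still works if that fails."""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE_EMAIL, "examplemail"):
        print(f"{verdict:10s} {url}")
```

A real deployment would key the allowlist off the sender's display name or the brand logos in the message rather than a fixed keyword, and would use a public-suffix list for hosts under country-code TLDs.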
Microsoft observed that SEABORGIUM invests heavily in sustaining a dialogue with its targets under the guise of the impersonated brand, company, or service, which gives it more opportunities to gain their trust and harvest information from them.
Potential targets should learn to recognise social engineering tactics in email, and it is vital not to interact with suspicious messages at all.