"Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium"

Microsoft recently claimed to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns, mainly against NATO countries. On August 15, Microsoft said it had disabled accounts used by the "Seaborgium" group for reconnaissance, phishing, and email collection, and had updated detections against its phishing domains in Microsoft Defender SmartScreen. Threat researchers also know Seaborgium as Callisto Group, ColdRiver, TA446, and other monikers.

Seaborgium is a "highly persistent threat actor" that focuses most of its time on the US and UK, and occasionally on the countries of the Baltics, Nordics, and Eastern Europe. Microsoft stated that once successful, the group slowly infiltrates targeted organizations' social networks through constant impersonation, rapport building, and phishing to deepen its intrusion. Microsoft noted that Seaborgium has successfully compromised organizations and people of interest in consistent campaigns for several years, rarely changing methodologies or tactics. Since the start of the year, it has targeted over 30 organizations: mainly defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education. Microsoft noted that the group also targets individuals such as former intelligence officials and Russian citizens living abroad.

The researchers stated that after conducting reconnaissance on its targets, the group might try to establish rapport by contacting them on social media. Soon after, the group will send a phishing email purporting to contain content of interest to the recipient. Malicious URLs may be located in the body of the email, in a clickable button designed to open an attachment, or in a OneDrive link that takes the user to a PDF file containing a URL. The researchers stated that the end goal is credential theft and then data exfiltration.
 

Infosecurity reports: "Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium"
