Thursday, December 8, 2022

Russian Threat Actor Impersonates Aerospace and Defense Firms


A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistics companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.

“TAG-53 infrastructure was uncovered by analyzing specific combinations of domain registrars, autonomous systems, domain name structures, and related TLS certificates,” the researchers write. “Based on this information, it is highly likely that this threat group is continuing its phishing and credential-harvesting operations. While monitoring TAG-53 infrastructure, Insikt Group observed a spoofed Microsoft login page masquerading as a legitimate military weapons and hardware supplier in the US, suggesting that some TAG-53 infrastructure has likely already been operationalized.”

Recorded Future isn’t certain whether the impersonated entities are the actual targets of the operation, but the researchers note that most of these organizations “share a focus around industry verticals that would likely be of interest to Russia-nexus threat groups, especially in light of the war in Ukraine.”

“The TAG-53 domain “drive-globalordnance[.]com” includes a spoofed sign-in page for the legitimate company Global Ordnance, a military weapons and hardware supplier in the US,” the researchers write. “The spoofed sign-in page…uses Global Ordnance branding and is suspected to be used for follow-on credential harvesting after a target has been phished. It is unclear whether Global Ordnance is the intended target of this attempted credential harvesting operation or whether TAG-53 is using a Global Ordnance-styled domain and spoofed sign-in page to masquerade as a legitimate entity to target victims.”

Other impersonated entities included Polish defense company UMO Poland, the nonprofit Commission for International Justice and Accountability (CIJA), US-based satellite communications company Blue Sky Network, logistics company DTGruelle, and Russia’s Ministry of Internal Affairs.
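As an added example (not from Recorded Future or the original article), here is a defender-side check that scans DNS query logs for domains embedding a watched brand name, the pattern seen in the Global Ordnance-styled domain quoted above. The log format, the allowlist entries, and every sample line except the article's domain are constructed assumptions.

```python
import re

# Brand tokens to watch: organization names from the article, lower-cased, spaces removed.
BRANDS = {"globalordnance", "blueskynetwork", "dtgruelle"}
# Constructed placeholders standing in for each organization's real registrable domains.
ALLOWLIST = {"globalordnance.example", "blueskynetwork.example"}

def refang(domain):
    """Undo common defanging ("[.]", "(.)", "hxxp://") and normalize case."""
    d = re.sub(r"^h(xx|tt)ps?://", "", domain.strip().lower())
    d = d.replace("[.]", ".").replace("(.)", ".")
    return d.split("/")[0].rstrip(".")

def registrable(domain):
    """Last two labels. Assumption for this sketch; production code should
    consult the Public Suffix List instead."""
    return ".".join(domain.split(".")[-2:])

def brand_hits(domain):
    """Return the watched brands embedded in a domain that is not allowlisted."""
    d = refang(domain)
    if registrable(d) in ALLOWLIST:
        return []
    # Drop dots and hyphens so "blue-sky-network" still matches "blueskynetwork".
    squashed = re.sub(r"[^a-z0-9]", "", d)
    return sorted(b for b in BRANDS if b in squashed)

def scan(log_lines):
    """Each line: "<timestamp> <client-ip> <queried-domain>" (constructed format).
    Returns (client, domain, brands) for every brand-styled lookalike."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines rather than guess
            continue
        _, client, domain = parts
        hits = brand_hits(domain)
        if hits:
            findings.append((client, refang(domain), hits))
    return findings

# Constructed sample log; only the first domain appears in the article.
SAMPLE = [
    "2022-12-08T09:14:02Z 10.0.0.5 drive-globalordnance[.]com",
    "2022-12-08T09:14:07Z 10.0.0.6 mail.globalordnance.example",
    "2022-12-08T09:15:11Z 10.0.0.7 www.example.org",
    "2022-12-08T09:16:40Z 10.0.0.9 login.blue-sky-network.test",
    "malformed-line-without-fields",
]

if __name__ == "__main__":
    for client, domain, brands in scan(SAMPLE):
        print(f"{client} queried {domain} (brand match: {', '.join(brands)})")
```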

New-school security awareness training can enable your employees to thwart social engineering attacks.

The Record has the story.


