Microsoft has disrupted operations carried out by a Russian government-aligned threat actor tracked as “SEABORGIUM.” The threat actor uses phishing and credential harvesting to conduct espionage and information operations. SEABORGIUM typically targets organizations in Western countries, though it began targeting some Ukrainian organizations shortly before Russia invaded Ukraine.
“Since the beginning of 2022, Microsoft has observed SEABORGIUM campaigns targeting over 30 organizations, in addition to personal accounts of people of interest,” the researchers write. “SEABORGIUM primarily targets NATO countries, particularly the US and the UK, with occasional targeting of other countries in the Baltics, the Nordics, and Eastern Europe. Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia, and organizations involved in supporting roles for the war in Ukraine. Despite some targeting of these organizations, Microsoft assesses that Ukraine is likely not a primary focus for this actor; however, it is most likely a reactive focus area for the actor and one of many diverse targets.”
The threat actor conducts targeted social engineering attacks against a variety of organizations.
“Within the target countries, SEABORGIUM primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), think tanks, and higher education,” Microsoft says. “SEABORGIUM has a high interest in targeting individuals as well, with 30% of Microsoft’s nation-state notifications related to SEABORGIUM activity being delivered to Microsoft consumer email accounts. SEABORGIUM has been observed targeting former intelligence officers, experts in Russian affairs, and Russian citizens abroad.”
SEABORGIUM does extensive research on its targets before contacting them on social media sites, including LinkedIn (a Microsoft subsidiary). Microsoft worked with LinkedIn to track and block some of this activity.
“Before starting a campaign, SEABORGIUM often conducts reconnaissance of target individuals, with a focus on identifying legitimate contacts in the targets’ distant social network or sphere of influence. Based on some of the impersonation and targeting observed, we suspect that the threat actor uses social media platforms, personal directories, and general open-source intelligence (OSINT) to supplement their reconnaissance efforts. MSTIC, in partnership with LinkedIn, has observed fraudulent profiles attributed to SEABORGIUM being used sporadically for conducting reconnaissance of employees from specific organizations of interest.”
New-school security awareness training can enable your employees to thwart targeted social engineering attacks.
Microsoft has the story.