Microsoft Disrupts Russian Spies

Microsoft’s Threat Intelligence Centre has announced that it disrupted a Russian state-backed threat group that is believed to have run espionage campaigns against several different NATO countries.

Microsoft said it had disabled accounts used by the Seaborgium group for reconnaissance, phishing, and email collection, and had updated detections against its phishing domains in Microsoft Defender SmartScreen.

Also known by threat researchers as Callisto Group, ColdRiver and TA446, Seaborgium is a “highly persistent threat actor” that focuses most of its time on the US and UK, and occasionally the countries of the Baltics, Nordics and Eastern Europe.

Once Seaborgium has access to the victim’s email account, it will look to exfiltrate intelligence data and, on occasion, approach other people of interest via these compromised accounts in order to access sensitive info.

Seaborgium will even set up forwarding rules from victim inboxes to enable persistent data collection.

According to Microsoft, “Once successful, it slowly infiltrates targeted organizations' social networks through constant impersonation, rapport building, and phishing to deepen their intrusion... Seaborgium is a highly persistent threat actor, frequently targeting the same organisations over long periods of time.”

Under its various names, the group has run different campaigns that leverage social networks through impersonation, rapport building, and phishing. The group has been running these campaigns for years using the same tactics, including campaigns against over 30 different targets just this year.

The group has been successfully targeting former intelligence officials and Russian citizens living abroad, and compromising organisations of interest, for several years through persistent campaigns, “rarely changing methodologies or tactics,” Microsoft says.

2022’s targets have included defense and intelligence consulting companies, non-governmental organizations, higher education and think tanks. 

Sources: Microsoft; Oodaloop; Infosecurity Magazine; Security Week; Cybersecurity-Help; Techmonitor; Breaking Defense; Cyberthrone
