NCSC Alert: British Journalists & Politicians Are Hacking Targets

Russian and Iranian government-linked hackers are focusing on British politicians, journalists and researchers with the aim to get access to their email accounts.

Britain's National Cyber Security Centre (NCSC) has now published an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues. Researchers say that the hackers target their victims,  impersonating people known to them using fake email addresses and social media profiles.

NCSC Director of Operations, Paul Chichester, said “The UK is committed to exposing malicious cyber activity alongside our industry partners and this advisory raises awareness of the persistent threat posed by spear-phishing attacks... These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

The Russian group is thought to be Cold River, which is also known as Callisto and Seaborgium, which hacked nuclear research operations in the US and they leaked emails from ex-MI6 chief Sir Richard Dearlove. Similar methods have also been used by the Iranian based group ‘Charming Kitten’ to collect information. Independent cyber-security experts have linked the group to the nation’s Islamic Revolutionary Guard Corps, and it is alleged that it has targeted US politicians as well as critical infrastructure.

Both groups have recently increased their hacking in the UK as the war in Ukraine continues and they are also actively hacking the US and other NATO members with the aim is to steal secrets and to leak correspondence online to embarrass high-profile figures.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

Although the method is one of the oldest hacking techniques, but the NCSC say that what distinguishes the two groups is the effort made to fool their targets, including creating “fake social media or networking profiles that impersonate respected experts” and offering invitations to nonexistent conferences relevant to their targets.

Immanuel Chavoya, Senior Manager of Product Security at SonicWall commented "..The latest data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.” 

The NCSC encourages people to use strong email passwords and one recommended technique is to use three random words, and not replicate it as a login credential on other websites. It also recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

Organisations and their employees should be particularly careful when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media. 

The NCSC recommends that if individuals or organisations in the identified sectors recognise the specific and targeted activity described in the advisory, they should report it to them.

NCSC:      Guardian:    BBC:   WION:   FirstPost:   The Times:    AA

You Might Also Read: 

Cyber Threats & Nuclear Fears:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Preventing Ransomware Attacks Begins With You
Will The Insider Threat Intensify During The Recession? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NSFOCUS Information Technology

NSFOCUS Information Technology

NSFOCUS is a global service provider and enterprise DDoS mitigation solution provider.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

ESG Elektroniksystem- und Logistik-GmbH

ESG Elektroniksystem- und Logistik-GmbH

ESG offer a comprehensive portfolio of cyber and IT services ranging from consulting, solutions and operations to testing, simulation and training.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Cyber Security Cloud (CSC)

Cyber Security Cloud (CSC)

Cyber Security Cloud provides web application security services worldwide using world's leading cyber threat intelligence and AI technology.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Telesign

Telesign

Telesign connect, protect, and defend online experiences with sophisticated digital identity and programmable communications solutions.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.