Microsoft Disrupts Russian Cyber Operation Against NATO Countries

Share post:

The Microsoft Threat Intelligence Center (MSTIC) has disrupted the activities of a Russian-linked threat actor targeting people and organizations in NATO countries.

Identified as SEABORGIUM by Microsoft, by Google as ColdRiver, and by Proofpoint as TA446, the campaign seeks to steal sensitive emails from organizations and individuals of interest to Russia.

Microsoft was able to disrupt SEABORGIUM’s campaigns by disabling accounts used for monitoring, phishing and email collection.

In order to carry out attacks, SEABORGIUM creates online personas via email, social media and LinkedIn accounts that are used in social engineering campaigns. These fake personas are then used to target victims.

Using the fake persona, the attackers build a relationship with the victims, which ultimately leads to the attackers sending a phishing attachment.

According to Microsoft, these malicious attachments are spread via emails with attached PDFs, links to file hosting services, or OneDrive accounts hosting the PDF documents.

After accessing a targeted email account, Microsoft claims that they either steal emails and attachments, or set forwarding rules to receive all new emails sent to the compromised account.

To protect against this type of attack, defenses should disable automatic email forwarding in Microsoft 365, use IOCs to investigate potential compromises, require MFA for all accounts, and require FIDO security keys for greater security.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

TikTok Resumes Following Trump Intervention In Federal Ban: Hashtag Trending for Monday, January 20, 2025

TikTok restores service following federal ban and Trump intervention, Apple hits pause on faulty AI news notifications in...

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Apple Halts AI News Feature After Missteps in iOS 18

Apple has temporarily disabled its AI-generated news notification feature following several high-profile inaccuracies. The feature, part of the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways