Dozens of companies and “persons of interest” have been targeted since the start of the year by phishing attacks carried out by a Russia-based spy group, according to Microsoft. The tech firm calls the group Seaborgium and says it focuses on stealing emails and attachments from victims’ mailboxes.
Before the group launches a phishing attack, it researches the target, concentrating on the target’s social network and the contacts within their sphere of influence. For example, the attackers use fake LinkedIn profiles to make contact and build relationships of trust.
The attackers then send messages containing links or attachments that lead to a phishing site. Once victims enter their email account credentials on this site, the attackers attempt to steal emails and attachments from the mailbox. They also set up forwarding rules so that incoming email is automatically forwarded to an email address they specify.
Microsoft says the attackers gained access to the mailing list data of “sensitive groups,” including former intelligence officials. This data is used for further attacks. According to Microsoft, the personal accounts of more than 30 companies and an undisclosed number of “persons of interest” have been targeted since the start of the year.
This mainly concerns companies in the United States and the United Kingdom, as well as the Baltic countries, Scandinavia and Eastern Europe. To counter such attacks, Microsoft recommends using multi-factor authentication (MFA) for all users and from all locations. It is recommended to use more secure MFA implementations such as FIDO tokens or Microsoft Authenticator and avoid SMS-based MFA.
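The forwarding rules described above leave a trace in mailbox audit logs. The following added example, which is not from Microsoft or the original article, flags audit records that create forwarding to an address outside the organization. The record layout, the internal domain `example.com` and the sample log lines are constructed assumptions modeled on an Exchange audit export.

```python
import json

# Exchange cmdlet parameters that send copies of mail to another address.
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo",
                  "ForwardingSmtpAddress"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own domains

# Constructed sample records, one JSON object per line; field names are assumptions.
SAMPLE_LOG = """\
{"CreationTime":"2024-01-10T09:12:03","Operation":"New-InboxRule","UserId":"alice@example.com","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"collector@mail.example.net"}]}
{"CreationTime":"2024-01-10T10:01:44","Operation":"New-InboxRule","UserId":"bob@example.com","ClientIP":"198.51.100.20","Parameters":[{"Name":"Name","Value":"To team"},{"Name":"RedirectTo","Value":"team@example.com"}]}
{"CreationTime":"2024-01-10T11:30:10","Operation":"Set-Mailbox","UserId":"carol@example.com","ClientIP":"203.0.113.7","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:Carol.Backup@Example.ORG"}]}
{"CreationTime":"2024-01-10T11:45:00","Operation":"MailItemsAccessed","UserId":"alice@example.com","ClientIP":"203.0.113.7","Parameters":[]}
"""

def external_targets(value):
    """Return the addresses in a parameter value whose domain is not internal."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):      # Set-Mailbox values carry this prefix
            addr = addr[5:]
        if "@" not in addr:               # skip display names and identities
            continue
        if addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwarding(log_text):
    """Return one alert per audit record that forwards mail off-domain."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPS:
            continue
        targets = []
        for p in rec.get("Parameters", []):
            if p.get("Name") in FORWARD_PARAMS:
                targets += external_targets(str(p.get("Value", "")))
        if targets:
            alerts.append({"time": rec["CreationTime"], "user": rec["UserId"],
                           "ip": rec.get("ClientIP"), "targets": targets})
    return alerts

if __name__ == "__main__":
    for alert in find_external_forwarding(SAMPLE_LOG):
        print(alert)
```

Forwarding to an internal address, as in the second sample record, is not reported; only the first and third records produce alerts.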