Security News > 2022 > August > Microsoft disrupts Russian hackers' operation on NATO targets
The Microsoft Threat Intelligence Center has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM that targets people and organizations in NATO countries.
"Within the target countries, SEABORGIUM primarily focuses operations on defense and intelligence consulting companies, non-governmental organizations and intergovernmental organizations, think tanks, and higher education," explains Microsoft in a report released today.
Once the hackers gains access to the targeted email account, Microsoft says they either steal emails and attachments or set up forwarding rules to receive all new emails sent to the compromised account.
In May 2022, Google and Microsoft detected attacks conducted by the threat actors to steal documents from UK political organizations and activists.
Disrupting SEABORGIUM. Today, Microsoft says they have taken action to disrupt SEABORGIUM's campaigns by disabling accounts used for surveillance, phishing, and email collection.
Defenses include disabling email auto-forwarding in Microsoft 365, using the IOCs to investigate for potential compromise, requiring MFA on all accounts, and for more security, requiring FIDO security keys.
News URL
Related news
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- Suspected NATO, UN, US Army hacker arrested in Spain (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese hackers abuse Microsoft APP-v tool to evade antivirus (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)