Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says (Security News, August 2022)
This included using email, OneDrive and other Microsoft cloud services accounts, as well as phony LinkedIn profiles that the criminals used to scope out employees who work for target organizations.
In May, Google and Reuters attributed a hack-and-leak campaign to Coldriver, aka Seaborgium, in which the criminals leaked emails and documents reportedly stolen from high-level Brexit proponents, including former British spymaster Richard Dearlove.
"I am well aware of a Russian operation against a Proton account which contained emails to and from me," Dearlove told Reuters at the time, referring to the privacy-focused email service ProtonMail.
Since the beginning of the year, Redmond said it noted Seaborgium campaigns targeting more than 30 organizations, as well as personal email accounts belonging to former intelligence officials, Russian experts, and Russian citizens abroad. In fact, 30 percent of the software giant's nation-state notifications related to Seaborgium activity have been delivered to customers' personal email accounts, according to the Microsoft Threat Intelligence Center.
The criminals make contact with their targets via email. For this they register new accounts with various consumer email providers and use email addresses or aliases designed to look like those of a legitimate person.
"In cases of personal or consumer targeting, MSTIC has mostly observed the actor starting the conversation with a benign email message, typically exchanging pleasantries before referencing a non-existent attachment while highlighting a topic of interest to the target," the security alert said.
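The two traits described above, a familiar name sent from a freshly registered consumer mailbox and a friendly opener that mentions an attachment that never arrives, can be turned into a mail-gateway triage heuristic. The following is an added example written for this page, not code from Microsoft or the article; the directory of colleagues, the consumer-domain list and the sample messages are all constructed for illustration.

```python
"""Heuristic triage for impersonation-style first-contact emails.

Added example (not from the article or from Microsoft). It flags messages
whose sender display name matches a known colleague but whose address lives
at a consumer mail provider, addresses whose local part is built from a
colleague's name, and bodies that mention an attachment while carrying none.
All names, domains and messages below are constructed.
"""
import re
from dataclasses import dataclass, field

# Assumed list of consumer/free-mail domains; extend from your own telemetry.
CONSUMER_DOMAINS = {
    "gmail.com", "outlook.com", "hotmail.com", "yahoo.com",
    "proton.me", "protonmail.com",
}

# Assumed internal directory: normalised display name -> corporate address.
DIRECTORY = {
    "jane doe": "jane.doe@example.org",
    "richard roe": "richard.roe@example.org",
}

# Phrases that promise a file the message may not actually carry.
ATTACHMENT_WORDS = re.compile(r"\b(attached|attachment|enclosed|see the file)\b", re.I)


@dataclass
class Message:
    display_name: str
    address: str
    body: str
    attachments: list = field(default_factory=list)


def normalize(name: str) -> str:
    """Lower-case a display name and keep only letters and spaces."""
    return re.sub(r"[^a-z ]", "", name.lower()).strip()


def name_tokens(local_part: str) -> set:
    """Split 'jane.doe', 'jane_doe88' etc. into lower-case name tokens."""
    return {t for t in re.split(r"[._\-\d]+", local_part.lower()) if t}


def triage(msg: Message) -> list:
    """Return the list of heuristic findings for one message (empty = clean)."""
    findings = []
    local, _, domain = msg.address.rpartition("@")
    domain = domain.lower()
    known = DIRECTORY.get(normalize(msg.display_name))

    # A colleague's display name on an address that is not their corporate one.
    if known and known.lower() != msg.address.lower():
        findings.append("display_name_mismatch")

    if domain in CONSUMER_DOMAINS:
        if known:
            findings.append("colleague_name_at_consumer_domain")
        else:
            # Unknown display name, but the mailbox name spells a colleague.
            for person in DIRECTORY:
                if set(person.split()) <= name_tokens(local):
                    findings.append("colleague_name_in_address")
                    break

    # The opener promises a file but the message carries nothing.
    if ATTACHMENT_WORDS.search(msg.body) and not msg.attachments:
        findings.append("attachment_referenced_but_missing")

    return findings


# Constructed sample traffic.
SAMPLES = [
    Message("Jane Doe", "jane.doe.work@gmail.com",
            "Hi, nice to meet you. I have attached the report we discussed."),
    Message("Jane Doe", "jane.doe@example.org",
            "Please find attached the quarterly figures.", ["q3.pdf"]),
    Message("Research Desk", "jane_doe88@outlook.com",
            "Hello, hope you are well."),
]


def triage_all(messages=SAMPLES) -> list:
    """Triage a batch and return (address, findings) pairs."""
    return [(m.address, triage(m)) for m in messages]


if __name__ == "__main__":
    for address, findings in triage_all():
        print(address, findings or "clean")
```

The heuristic is deliberately loose: a single finding is a prompt for a human look at a first-contact thread, not a block verdict, and the directory and domain lists should come from the organisation's own identity data rather than the constructed values above.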
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/16/microsoft_russian_spies/
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure
- U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
- US Government, Microsoft Aim to Disrupt Russian threat actor 'Star Blizzard'
- Russian spies use remote desktop protocol files in unusual mass phishing drive