UK warns of increased attacks from Russian, Iranian hackers
The U.K. National Cyber Security Centre has issued a warning of Russian and Iranian state-sponsored hackers increasingly targeting organizations and individuals.
More specifically, the country's cybersecurity agency has identified a spike in spear-phishing attacks attributed to threat actors tracked as SEABORGIUM and TA453.
"The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists, and activists" - U.K. NCSC.
SEABORGIUM, also known as 'TA446,' is a Russian state-sponsored threat group that targeted NATO countries last summer.
TA453, also known as APT42, is an Iranian threat group believed to be operating from within the Islamic Revolutionary Guard Corps - the main branch of the Iranian Armed Forces.
Once the threat actors have built a rapport with the victim, they share a malicious link that takes the target to a phishing site, where they steal email account credentials and then access the target's entire archive of recent communications.
The NCSC suggests that potential targets enable their email providers' automated email scanning features and disable all mail-forwarding rules.