The National Cyber Security Center (NCSC) in the United Kingdom has warned of information-gathering spearphishing attacks by Russian and Iranian state-sponsored actors. These cyber adversaries are using increasingly deceptive tactics, such as impersonating trusted contacts and crafting convincing emails to lure victims into revealing sensitive information. According to the Director of Operations at NCSC, Paul Chichester, threat actors based in Russia and Iran “continue to ruthlessly pursue their targets in an attempt to steal online credentials.” They are compromising sensitive systems, posing a serious threat to businesses, government entities, and individuals alike.
Who Are These State-Sponsored Actors and How Do They Operate?
The SEABORGIUM group (aka Callisto, COLDRIVER, and TA446) is a Russian state-sponsored threat actor with a history of credential harvesting attacks. They create fake login pages, mimicking legitimate defense companies and nuclear research labs.
The other group, APT42 (aka ITG18, TA453, and Yellow Garuda), assists Iran’s Islamic Revolutionary Guard Corps (IRGC). It is said to be connected with PHOSPHORUS and is part of Charming Kitten, which is a larger group. Although there are similarities in the modus operandi of the two groups, there is no evidence that they are working together.
According to the NCSC, the attacks are aimed at sectors like government organizations, NGOs, academia, defense, think tanks, journalists, activists, and politicians. The threat actors operate by sending tailored messages to the targets after doing thorough research on their identities and interests, as well as their professional and social circles. This method is known as spearphishing. After gaining the trust of the targets, the threat actors send them malicious links in order to steal their credentials, which are then used to log in to email accounts and to gain access to sensitive information.

National Cyber Security Center’s Guide to Protecting Your Organization from Email Phishing Attacks
Phishing attacks are mostly conducted through emails; however, they can be undertaken via text message, social media, or even by phone. Attackers gain the trust of the victims and then send them malicious links that download malware or direct them to a compromised website.
Spear phishing involves the attacker using information about your company or its employees to create persuasive and realistic messages.
Here are a few ways you can defend and protect your organization from phishing attacks:
- Multifactor Authentication (MFA) is a security control that prompts a user to verify their login identity through a combination of two or more authenticators. The idea is to make it tough for cyberthreat actors to gain access to information systems and networks, even if a password or a personal identification number has been compromised. When multiple factors are enabled, an unauthorized user will not gain access to a system unless they know both or all the factors.
- A lot of organizations focus only on being able to spot phishing emails; however, this approach will have limited success as it does not take into account dealing with the attacks that get through and cause harm. It is therefore necessary to include technical measures in your approach.
The guidance provided by NCSC has four layers of defense:
- Make it difficult for attackers to reach your users;
- Identify and report suspected phishing emails;
- Protect your organization from undetected phishing emails;
- Respond quickly.
Conclusion
As cyber threats continue to evolve, organizations and individuals must remain vigilant against spear-phishing campaigns led by state-sponsored actors. The National Cyber Security Center’s latest warning highlights the growing sophistication of Russian and Iranian cyber adversaries who exploit trust and social connections to compromise sensitive information. By following the NCSC’s recommended layers of defense, organizations can strengthen their security posture and reduce the risk of falling victim to credential theft and cyber espionage.
For more information on the guidance by NCSC on protecting your organization from phishing attacks, click here.
Disclaimer: Any opinions expressed in this blog do not necessarily reflect the opinions of Certrec. This content is meant for informational purposes only.