20 August 2022

Microsoft Disrupts Russian Cyber-Espionage Group Seaborgium


Microsoft has announced that it disrupted a Russian state-backed threat group that is believed to have run espionage campaigns against several different NATO countries. According to the tech giant, the prolific hacking group, which it identifies by the name “Seaborgium”, focuses most of its attacks on entities located in the US and UK. In addition, the group has been known to target countries in the Baltics, the Nordics, and Eastern Europe. Microsoft reported that it disabled accounts used by the hacking group for efforts such as phishing, email collection and reconnaissance. In addition, Microsoft has updated detections against the group's phishing domains in Microsoft Defender SmartScreen.

The group is also known as Callisto Group, ColdRiver, and TA446. Known to be highly persistent, the group has run different campaigns that leverage social networks through impersonation, rapport building, and phishing. It has been running campaigns for years using the same tactics, with over 30 different targets just this year. Targets in 2022 have included defense and intelligence consulting companies, non-governmental organizations, higher education, and think tanks. In addition, the group has been observed targeting former intelligence officials and Russian citizens living abroad, Microsoft stated.
