Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK



Spear Phishing CampaignsThe UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists."

The threat actors first conduct reconnaissance on their targets by researching social media and other open-source information. After this, they’ll make contact under the guise of a journalist, colleague, or someone else the victim would be likely to respond to.

“Having taken the time to research their targets’ interests and contacts to create a believable approach, SEABORGIUM and TA453 now start to build trust,” the report says. “They often begin by establishing benign contact on a topic they hope will engage their targets. There is often some correspondence between attacker and target, sometimes over an extended period, as the attacker builds rapport.”

The threat actors then send the victim a link disguised as something related to their previous conversations.

“Once trust is established, the attacker uses typical phishing tradecraft and shares a link, apparently to a document or website of interest,” the NCSC says. “This leads the target to an actor-controlled server, prompting the target to enter account credentials. The malicious link may be a URL in an email message, or the actor may embed a link in a document on OneDrive, GoogleDrive, or other file-sharing platforms.

TA453 has even shared malicious links disguised as Zoom meeting URLs, and in one case, even set up a Zoom call with the target to share the malicious URL in the chat bar during the call. Industry partners have also reported the use of multi-persona impersonation (use of two or more actor-controlled personas on a spear-phishing thread) to add the appearance of legitimacy.”

New-school security awareness training can enable your employees to follow security best practices so they can thwart targeted phishing attacks.

The NCSC has the story.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer

Topics: Spear Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews