The tech giant has blocked a campaign that targets NATO countries through hacking and social engineering. The campaign is linked to a Russian group called Seaborgium.
Seaborgium, which is tracked by Google as ColdRiver and by security firm Proofpoint as TA446, focuses mainly on NATO countries and is seen as an organization sponsored by Russia. The group has also conducted cyber campaigns in Scandinavia and in Eastern European countries such as Ukraine. In addition, the attackers try to steal sensitive emails from organizations or people that may be of interest to Russia.
“Within these target countries, Seaborgium primarily targets defense companies and intelligence advisory organizations, as well as NGOs, think tanks, and higher education,” the Microsoft Threat Intelligence Center writes in a blog post. In addition, the group reportedly attacks Russian political experts and Russian citizens living abroad, among others.
They do that through some classic phishing techniques, Microsoft continues, such as creating fake social media profiles, which are used to make contact with these individuals and organizations. At some point, PDF files are sent that, via a fake error message, direct the recipient to a phishing site that attempts to steal logins or authentication cookies.
The ultimate goal seems to be to gain access to the victim’s email account, where emails are stolen, or where the attackers set a rule that all emails are automatically forwarded to them. In addition, the group is said to have stolen documents from British political organizations and activists in the past.