GCHQ says UK under attack from groups in Russia and Iran

The UK’s National Cyber Security Centre has exposed details of malicious campaigns against targets of interest across specified sectors, including academia

The UK’s National Cyber Security Centre (NCSC) has warned of the threat from targeted spear-phishing campaigns against organisations and individuals carried out by cyber groups working out of Russia and Iran.

GCHQ’s NCSC advisory shared details about the techniques and tactics used by the attackers and mitigation advice to combat the continuing threat.

Spear-phishing involves an attacker sending malicious links, for example via email, to specific targets to try to induce them to share sensitive information.

The NCSC advisory highlights that throughout 2022 separate malicious campaigns were conducted by Russia-based group SEABORGIUM and Iran-based group TA453, also known as APT42, to target a range of organisations and individuals in the UK and elsewhere for information-gathering purposes.

The attacks are not aimed at the general public but instead target those in specified sectors, including academia, defence, government organisations, NGOs and think tanks, as well as politicians, journalists and activists.

The advisory, based on NCSC understanding and extensive industry reporting, recommends organisations and individuals remain vigilant to approaches and follow the mitigation advice to protect their online accounts from compromise.

Phishing tradecraft shares malicious links

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” says Paul Chichester, NCSC Director of Operations.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

This activity is typical of spear-phishing attacks, where the actor undertakes reconnaissance activity around their target to tailor their content before making an approach. NCSC advisors say contact may initially appear benign as the attacker looks to gain the target’s trust and build a rapport before using typical phishing tradecraft to share malicious links that can lead to credential theft and onward compromise.

The advisory describes how approaches have been made via email, social media and professional networking platforms, with attackers impersonating real-world contacts of their targets, sending false invitations to conferences and events, and sharing malicious links disguised as Zoom meeting URLs. While the malicious campaigns use similar techniques and have similar targets, the campaigns are separate, and the two actors are not collaborating.

The advisory provides additional advice to mitigate the spear-phishing activity, including:

  • Use strong and separate passwords for email accounts
  • Turn on multi-factor authentication
  • Protect devices and networks by keeping them up to date
  • Exercise vigilance
  • Enable email providers’ automated email scanning features
  • Disable mail-forwarding
