Microsoft disrupts Russian cyberespionage campaign

The Microsoft Threat Intelligence Center (MSTIC) has disrupted malicious phishing campaigns by Seaborgium, a Russian threat actor aligned closely with the Russian government. Microsoft claims to have disrupted the phishing operations with the help of Google’s Threat Analysis Group and the Proofpoint Threat Research Team.

Seaborgium primarily targets non-governmental organisations (NGOs), intergovernmental organisations (IGOs), think tanks, and defence and intelligence consulting firms in NATO countries. According to the Microsoft Threat Intelligence Center (MSTIC), ‘Such targeting has included the government sector of Ukraine in the months leading up to the invasion by Russia and organizations involved in supporting roles for the war in Ukraine.’

The Seaborgium group uses open-source intelligence, personal directories, and social media platforms like LinkedIn to surveil targeted individuals. Additionally, threat actors use trustworthy email providers to contact their target while posing as someone else. Following contact with the victim, the threat actor sends a malicious link to request the victim’s login details to steal data and credentials.