Two separate but similar espionage campaigns from Russian and Iranian-linked groups have prompted a warning from Britain’s National Cyber Security Centre.
In a document published on Thursday local time the NCSC warned how instead of sending surprise phishing emails, the hacking groups – identified as “Russia-based” SEABORGIUM and “Iran-based” APT42, or Charming Kitten – are contacting their targets in a benign fashion and attempting to build a rapport and a sense of trust.
Only after this has been established do the groups attempt to dupe their victims into visiting a website which looks like the real sign-in page of a legitimate service, such as Gmail or Office 365, but is actually designed to harvest the target’s log-in credentials.
Individuals working in “academia, defence, government organisations, NGOs, think-tanks, as well as politicians, journalists and activists,” are being targeted by the two groups. The attackers use “open-source resources to conduct reconnaissance, including social media and professional networking platforms” before reaching out.