www.computerweekly.com Open in urlscan Pro
104.18.29.218  Public Scan

Submitted URL: https://go.techtarget.com/r/259115970/45455645?bt_ee=uTdCVWMHO2nM9Yvg9k%2FEd8epr3Id3z6lVrICXI7Nemw%3D&bt_ts=1674750517811
Effective URL: https://www.computerweekly.com/news/252529571/NCSC-exposes-Iranian-Russian-spear-phishing-campaign-targeting-UK?utm_campaign=20...
Submission: On January 27 via manual from NZ — Scanned from NZ

Form analysis 1 forms found in the DOM

GET https://www.computerweekly.com/search/query

<form action="https://www.computerweekly.com/search/query" method="get" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input" id="header-search-input" type="text" name="q" placeholder="Search Computer Weekly">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
  <ul class="ui-autocomplete ui-front ui-menu ui-widget ui-widget-content ui-corner-all" id="ui-id-1" tabindex="0" style="display: none;"></ul>
</form>

Text Content

fresnel6 - Fotolia


News


NCSC EXPOSES IRANIAN, RUSSIAN SPEAR-PHISHING CAMPAIGN TARGETING UK




SPEAR-PHISHING CAMPAIGNS LIKELY LINKED TO IRANIAN AND RUSSIAN ESPIONAGE ACTIVITY
ARE TARGETING PERSONS OF INTEREST IN THE UK, WARNS THE NCSC


By
 * Alex Scroxton, Security Editor

Published: 26 Jan 2023 0:01

Hostile advanced persistent threat (APT) groups aligned with the national
interests of Iran and Russia are targeting UK nationals including academics,
activists, charity and NGO workers, defence and government officials,
journalists, and politicians, with carefully crafted and highly targeted
spear-phishing emails, according to new intelligence from the UK’s National
Cyber Security Centre (NCSC).



The distinct yet technically similar campaigns are attributed with relative
confidence to Iran’s TA453, which also goes by Charming Kitten among other
names, and Russia’s Seaborgium, which also goes by Cold River and was recently
linked to an attack on former MI6 chief Richard Dearlove and a group of hard
Brexit advocates, and an incident targeting US nuclear scientists.

The ongoing pattern of cyber activity is suspected, although not confirmed by
the NCSC, to be linked to intelligence gathering in support of the goals of the
APTs’ supposed government paymasters in Tehran and Moscow.

It is relatively small in scale and does not pose an immediate threat to the
majority of the British public in the grand scheme of things, according to the
NCSC’s operations director, Paul Chichester, who said it was more the
sophistication of the attacks, rather than the volume, that was a worry.

“The UK is committed to exposing malicious cyber activity alongside our industry
partners, and this advisory raises awareness of the persistent threat posed by
spear-phishing attacks,” he said.

“These campaigns by threat actors based in Russia and Iran continue to
ruthlessly pursue their targets in an attempt to steal online credentials and
compromise potentially sensitive systems.

“We strongly encourage organisations and individuals to remain vigilant to
potential approaches and follow the mitigation advice in the advisory to protect
themselves online.”

The NCSC is today issuing a new advisory addressed directly to potential victims
– something it only generally does when it is relatively certain there is an
urgent need to conduct outreach towards vulnerable organisations or individuals,
so its findings are worth noting.

The two spear-phishing campaigns observed both deploy relatively similar
elements of cyber tradecraft, particularly when it comes to spear-phishing
techniques.

Contact will generally appear benign and may seem to originate from legitimate
contacts, as the groups look to gain the confidence and trust of their intended
victims. The lures observed included fake invitations to conferences or events.

Approaches are being made via email, social media and professional networks, but
notably in this instance, TA453 and Seaborgium have been seen targeting the
personal email accounts of their victims, as opposed to official work accounts.

The NCSC believes this tactic may present an easier route in for the attackers,
taking advantage of people being more inclined to trust people to whom they have
given their personal email address, or being less on their guard when using
personal services. It can also help them bypass email security controls that may
be in place on organisational networks.

The email correspondence may also appear to be part of an ongoing thread, and in
some instances, these groups have even been observed adopting multiple personas
to create convincing email threads, which helps build a rapport and presents a
narrative that the victim may be more inclined to respond to.


SHARING MALICIOUS CONTENT

Ultimately, the objective of the campaigns is to share malicious documents or
links to phishing websites that can lead to downstream credential theft and
compromise. In the observed campaigns, many of these links were disguised as
Zoom meeting URLs.

The NCSC emphasised that while the two campaigns share many similarities, it has
found no evidence that they are linked, or that TA453 and Seaborgium have been
collaborating.

The NCSC is advising people working in targeted industries to be particularly
vigilant, and to adopt a set of basic cyber security principles that can vastly
reduce their chances of being compromised.

These include using strong and separate passwords across email accounts,
activating multi-factor authentication wherever possible, keeping devices and
networks patched and up to date, enabling automated email scanning features from
providers, and disabling mail forwarding. Additionally, as always, it is
important to maintain a healthy degree of scepticism when opening unexpected
emails, even if they seem to be from a close contact.

The Centre for the Protection of National Infrastructure also maintains an
application, Think Before You Link, which can help individuals identify
malicious online profiles and cut the risk of being targeted.


