• March 25, 2023


State-linked hackers in Russia and Iran have been targeting politicians, journalists and others in the UK and elsewhere through a ‘sophisticated’ spear-phishing campaign.

The UK’s National Cyber Security Centre (NCSC) has identified two hacking groups – Russia-based Seaborgium and Iran-based TA453 – as the culprits and has issued an alert warning those in defense organizations, the media and government against clicking on malicious links.

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” says NCSC director of operations Paul Chichester.

“We strongly encourage organizations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

While the two groups have been active for some time, they are believed to have stepped up their operations significantly since Russia’s invasion of Ukraine, targeting individuals in the US and elsewhere, as well as in the UK.

And they go to some trouble to do this, with the NCSC describing the campaign as particularly elaborate and sophisticated.

The groups research their targets in detail, identifying their contacts and then faking social media or networking profiles to impersonate respected experts, creating fake conference or event invitations, and faking approaches from journalists.

“Both Seaborgium and TA453 use webmail addresses from different providers (including Outlook, Gmail and Yahoo) in their initial approach, impersonating known contacts of the target or eminent names in the target’s field of interest or sector,” says the NCSC.


“The actors have also created malicious domains resembling legitimate organisations to appear authentic.”

The NCSC says that, unusually, it’s victims’ personal email accounts that are targeted, rather than their official work accounts. This, it says, not only bypasses the security controls that protect work accounts but also means that the victim is less likely to be on their guard.

After developing a relationship with their target, the groups share malicious links, often in the form of a Zoom meeting URL. In one example, TA453 set up a Zoom call with the target to share the malicious URL in the chat bar during the call.

The victim’s credentials are then seized and used to log in to the targets’ email accounts, where the hackers can access and steal emails and attachments from the victim’s inbox. They have also set up mail-forwarding, allowing them to view ongoing correspondence, and have also been able to access mailing-list data and victims’ contact lists.

This information is then used for follow-on targeting and further phishing activity.
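The mail-forwarding described above is one of the few traces of this kind of intrusion that a defender can hunt for in mailbox audit data. The script below is an added example, not part of the NCSC advisory or this article: it scans constructed mailbox-rule events (the event fields `user`, `action`, `forward_to` and `delete_original` are an assumed generic shape, not any provider’s real log schema) and flags forwarding to domains outside the organisation, rating rules that also delete the original message as high severity because the victim never sees the forwarded mail.

```python
import re
from typing import Iterable, Optional

# Constructed sample mailbox-rule audit events (not real tenant data). The event
# shape (user, action, forward_to, delete_original) is an assumed generic schema,
# not a specific mail provider's log format.
SAMPLE_EVENTS = [
    {"user": "j.doe@example.org", "action": "rule_created",
     "forward_to": ["assistant@example.org"], "delete_original": False},
    {"user": "a.smith@example.org", "action": "forwarding_set",
     "forward_to": ["Archive <archive@mail-collector.example>"], "delete_original": False},
    {"user": "a.smith@example.org", "action": "rule_created",
     "forward_to": ["ARCHIVE@Mail-Collector.example"], "delete_original": True},
    {"user": "k.lee@example.org", "action": "rule_created",
     "forward_to": [], "delete_original": False},
]

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def extract_domain(recipient: str) -> Optional[str]:
    """Pull the bare address out of 'Name <addr>' or 'addr'; return its domain lowercased."""
    m = ADDR_RE.search(recipient)
    return m.group(0).rsplit("@", 1)[1].lower() if m else None

def suspicious_forwarding(events: Iterable[dict], internal_domains: set) -> list:
    """Flag forwarding rules or settings that send mail outside the organisation.

    Returns one finding per (user, external domain), keeping the highest severity seen:
    'high' when the rule also deletes the original (the victim never sees the message),
    otherwise 'medium'.
    """
    findings = {}
    for ev in events:
        for rcpt in ev.get("forward_to", []):
            dom = extract_domain(rcpt)
            if dom is None or dom in internal_domains:
                continue  # unparsable or internal destination: not a finding
            sev = "high" if ev.get("delete_original") else "medium"
            key = (ev["user"], dom)
            prev = findings.get(key)
            if prev is None or (prev["severity"] == "medium" and sev == "high"):
                findings[key] = {"user": ev["user"], "external_domain": dom,
                                 "severity": sev, "action": ev["action"]}
    return sorted(findings.values(), key=lambda f: (f["user"], f["external_domain"]))

if __name__ == "__main__":
    for finding in suspicious_forwarding(SAMPLE_EVENTS, {"example.org"}):
        print(finding)
```

Feeding real audit exports into `suspicious_forwarding` only needs a small adapter that maps the provider’s field names onto the assumed shape.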

The Seaborgium group – also known as Cold River and Callisto – was last year found to be targeting three nuclear research laboratories in the US, and was also accused of hacking and leaking emails from former director of MI6 Richard Dearlove.

Meanwhile, TA453, also known as Charming Kitten, has been accused of targeting US politicians and national infrastructure organizations.

“We strongly encourage targeted organisations and individuals to stay vigilant and take steps to secure online accounts,” the NCSC warns, telling people to be on their guard, and to use strong passwords and two-factor authentication (2FA).

Both Iran and Russia have denied any connection to the hacking groups.

