This post is also available in: heעברית (Hebrew)

The UK National Cyber Security Centre (NCSC) published a warming this Thursday of phishing attacks led by Russian and Iranian state sponsored actors of information gathering operation. The report reads “the attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think tanks, as well as politicians, journalists and activists.”

The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.

The initial contact is designed to appear innocuous in an attempt to gain their trust and can go on for weeks before proceeding to the exploitation phase. This takes the form of malicious links that can lead to credential theft and onward compromise, including data exfiltration.

To maintain the ruse, the adversarial crews are said to have created bogus profiles on social media platforms to impersonate field experts and journalists to trick victims into opening the links.

The stolen credentials are then used to log in to targets’ email accounts and access sensitive information, in addition to setting up mail-forwarding rules to maintain continued visibility into victim correspondence.

Furthermore, a notable aspect of these campaigns is the use of targets’ personal email addresses, likely as a means to circumvent security controls put in place on corporate networks.

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” said Paul Chichester, NCSC director of operations, according thehackernews.com.

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th

Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!