Russia-based group SEABORGIUM and Iran-based group TA453 are targeting UK organisations, individuals and decision makers with spear-phishing campaigns.
Spear-phishing, like phishing, involves malicious links being sent via email, social media or professional networking platforms but with the difference of being highly targeted at key individuals. These campaigns are focused on gathering high-value and advantageous information.
Attackers carry-out reconnaissance around the most influential people in an organisation. They build a sense of trust by pinpointing key information and build a rapport before they strike. Attackers might impersonate real-world contacts of their targets, send false invitations to conferences and events, and share malicious links disguised as Zoom meeting URLs.
These types of attack are most prevalent in specific sectors, including academia, defence, government organisations, NGOs, think-tanks, as well as politicians, journalists and activists. However, Absolute Networks Ltd urge all organisations and individuals to stay vigilant to potential approaches and take action to secure online accounts.
Absolute Networks Ltd's Cyber Security Specialists can help your organisation mitigate the risks of spear-phishing activity. Some ways this might be achieved include:
- Enforcing a strong password policy for email accounts following industry best practice recommendations
- Recommending and implementing enhanced email scanning software
- Enabling multi-factor authentication
- Protecting your organisation's devices and networks by keeping them up-to-date
- Preventing email forwarding rules
- Raising awareness of spear-phishing techniques
Connect with our experienced and knowledgeable team to start developing your organisation's Cyber Security strategy: 01332 291992 or firstname.lastname@example.org