State-linked hackers in Russia and Iran are targeting British groups, NCSC warns


State-affiliated Russian and Iranian hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to their emails, Britain’s online security agency warned on Thursday.

The National Cyber Security Centre (NCSC) has issued an alert about two groups from Russia and Iran, warning people in government, defense, think tanks and the media not to click on malicious links sent by someone posing as a conference organizer, journalist or even a colleague.

Both groups have been active for a number of years, but are believed to have recently increased their activities in the UK as the war in Ukraine continues, as well as in the US and other NATO countries. They aim to steal secrets, or leak correspondence online to embarrass high-profile figures, but not cash.

NCSC Director of Operations Paul Chichester said that “Russia- and Iran-based threat actors” from the two separate groups “continue to relentlessly pursue their targets to steal online credentials and compromise potentially sensitive systems.”

Hackers usually try to gain the trust of the target by impersonating someone who is likely to contact them, e.g.

In one case, the Iranian group called Charming Kitten had a fake Zoom meeting with their target and shared the malicious link “in the chat bar during the call,” the NCSC said. Sometimes two or more fake personas are used in a carefully crafted attempt to convince an individual that their claims or dealings are legitimate.

Last year, the Russian group known as Seaborgium or Cold River was accused by Google of hacking and leaking the correspondence of former MI6 director Richard Dearlove and other hard-line Brexiteers who were trying to block Theresa May’s Chequers EU exit agreement.

This year, the same group was accused of targeting three nuclear research laboratories in the United States, creating fake login pages for each institution and emailing scientists working there in an attempt to trick them into revealing their passwords. It is unclear whether any of the efforts were successful.

Eventually, and ideally after establishing a relationship, hackers try to trick a person into clicking a link that takes them to a web page where they are asked to enter their password details. At this point, their email is compromised using a technique known as “spear phishing”.

Although the method is one of the oldest hacking techniques, what distinguishes the two groups is the effort made to deceive their targets, including the creation of “fake social media or network profiles presenting as reputable experts” and offering invitations to non-existent conferences allegedly relevant to their targets.

Once in control of an account, hackers sometimes use it to lure others, as recipients are more trusting when the emails come from a genuine account. Hackers have also set up secret “email forwarding rules” to retain access to an email account even if the hack is discovered and passwords are reset.


Both groups are believed to be state-run and involved in so-called “cyberespionage” activities, but the British agency has not officially accused either the Russian government or Iran. When such attributions are made, they are made by the Secretary of State or other ministers in the Foreign Office.

NCSC encourages people to use strong email passwords. One technique is to take three random words and not reuse them as credentials on other sites. It is recommended to use two-factor authentication with a mobile phone as part of the login process, ideally with a dedicated authenticator app.

The cyber agency also advises people to take extra care when they receive plausible messages from strangers relying on Gmail, Yahoo, Outlook or other webmail accounts, sometimes posing as contacts of the target gathered from social media.

