Microsoft announced it took action to stop phishing operations carried out by a “highly persistent threat actor” whose goals are closely related to Russian state interests. The corporation is keeping an eye on the espionage-focused activity cluster under the chemical element-themed alias SEABORGIUM, which it claims overlaps with a hacker collective known as Callisto, COLDRIVER, and TA446.

“SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries. Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft,” stated Microsoft’s threat hunting teams in a joint announcement. Microsoft observed “only slight deviations in their social engineering approaches and in how they deliver the initial malicious URL to their targets.”

The main targets include defense and intelligence consulting companies, non-governmental organizations (NGOs) and intergovernmental organizations (IGOs), higher education institutions, think tanks, and to a lesser extent, nations in the Baltics, the Nordics, and Eastern Europe. Additional targets of interest are former intelligence officers, Russian affairs experts, and Russian nationals living abroad.

By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in