NCSC Alert: British Journalists & Politicians Are Hacking Targets

Russian and Iranian government-linked hackers are focusing on British politicians, journalists and researchers with the aim to get access to their email accounts.

Britain's National Cyber Security Centre (NCSC) has now published an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues. Researchers say that the hackers target their victims,  impersonating people known to them using fake email addresses and social media profiles.

NCSC Director of Operations, Paul Chichester, said “The UK is committed to exposing malicious cyber activity alongside our industry partners and this advisory raises awareness of the persistent threat posed by spear-phishing attacks... These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

“We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”

The Russian group is thought to be Cold River, which is also known as Callisto and Seaborgium, which hacked nuclear research operations in the US and they leaked emails from ex-MI6 chief Sir Richard Dearlove. Similar methods have also been used by the Iranian based group ‘Charming Kitten’ to collect information. Independent cyber-security experts have linked the group to the nation’s Islamic Revolutionary Guard Corps, and it is alleged that it has targeted US politicians as well as critical infrastructure.

Both groups have recently increased their hacking in the UK as the war in Ukraine continues and they are also actively hacking the US and other NATO members with the aim is to steal secrets and to leak correspondence online to embarrass high-profile figures.

The hackers typically seek to gain confidence of a target by impersonating somebody likely to make contact with them, such as by falsely impersonating a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

Although the method is one of the oldest hacking techniques, but the NCSC say that what distinguishes the two groups is the effort made to fool their targets, including creating “fake social media or networking profiles that impersonate respected experts” and offering invitations to nonexistent conferences relevant to their targets.

Immanuel Chavoya, Senior Manager of Product Security at SonicWall commented "..The latest data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.” 

The NCSC encourages people to use strong email passwords and one recommended technique is to use three random words, and not replicate it as a login credential on other websites. It also recommends people use two-factor authentication, using a mobile phone as part of the log on process, ideally by using a special authenticator app.

Organisations and their employees should be particularly careful when receiving plausible sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media. 

The NCSC recommends that if individuals or organisations in the identified sectors recognise the specific and targeted activity described in the advisory, they should report it to them.

NCSC:      Guardian:    BBC:   WION:   FirstPost:   The Times:    AA

You Might Also Read: 

Cyber Threats & Nuclear Fears:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Preventing Ransomware Attacks Begins With You
Will The Insider Threat Intensify During The Recession? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

UK Cyber Week Expo & Conference

UK Cyber Week Expo & Conference

Award-winning event organiser ROAR B2B announces the launch of UK Cyber Week and its inaugural event on 4 and 5 April 2023 at the Business Design Centre, London.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SafeUM Communications

SafeUM Communications

SafeUM Secure Messenger is an encrypted secure communications protection mechanism for instant messaging.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

Security Onion Solutions

Security Onion Solutions

Security Onion Solutions is the creator and maintainer of Security Onion, a free and open platform for threat hunting, network security monitoring, and log management.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

CashShield

CashShield

CashShield is an end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

MindForge Group

MindForge Group

MindForge invests into promising companies who offer innovative solutions to modern challenges. We have a deep knowledge in the fields of AI, big data, location intelligence, cyber security.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

CertiPath

CertiPath

CertiPath create products and services that ensure the highest levels of validation for digital identities that attempt to access customers’ networks.

Sprint Networks

Sprint Networks

Sprint Networks is a trusted compliance and risk program advisor which deliver cost-effective technology to reduce enterprise-wide risk.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

Governmental Information Security Center - Sudan

Governmental Information Security Center - Sudan

The Sudanese Governmental Information Security Center is a center for the National Information Center responsible for securing government information infrastructure and e-government services.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Rhymetec

Rhymetec

Rhymetec are an industry leader in cloud security, providing innovative cybersecurity and data privacy services to the modern-day SaaS business.