May 20, 2024

Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on Thursday.

The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defence, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.

Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other Nato countries. They aim to steal secrets – or leak correspondence online to embarrass high-profile figures – but not to extort money.

Paul Chichester, NCSC’s operations director, said the “threat actors based in Russia and Iran” from the two separate groups “continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems”.

The hackers typically seek to gain the confidence of a target by impersonating somebody likely to make contact with them, such as a journalist, and ultimately luring them to click on a malicious link, sometimes over the course of several emails and other online interactions.

In one case, the Iranian group, dubbed Charming Kitten, held a fake Zoom meeting with their target, and shared the malicious link “in the chat bar during the phone call”, the NCSC said. Sometimes two or more fake personas are used in a carefully crafted effort to convince a person that their inquiries or business are legitimate.

Last year, the Russian group known as Seaborgium or Cold River was accused by Google of hacking into and leaking correspondence involving the former director of MI6 Richard Dearlove and other hard Brexiters seeking to block Theresa May’s Chequers EU exit deal.

This year, the same group was accused of targeting three nuclear research laboratories in the US, creating fake login pages for each institution and emailing scientists who worked there to try to make them reveal their passwords. It is not clear if any of the efforts were successful.

Ultimately, and ideally having built a rapport, the hackers will try to lure a person to click on a link that takes them to a webpage where they will be asked to enter their password details. At this point, their email is compromised using a technique known as “spear phishing”.

Although the method is one of the oldest hacking techniques, what distinguishes the two groups is the effort made to fool their targets, including creating “fake social media or networking profiles that impersonate respected experts” and offering invites to nonexistent conferences supposedly relevant to their targets.

Once they have control of an account, the hackers sometimes use it to lure in others, because victims will have greater confidence if the emails they receive come from a genuine account. Hackers also set up secret “mail-forwarding rules” in an effort to regain access to an email account even when the hack is detected and passwords reset.

Both groups are believed to be state directed, engaged in what are described as “cyber espionage” activities – but the British agency has not formally blamed the Russian or Iranian governments. When such attributions are made, they are made by the foreign secretary or other Foreign Office ministers.

NCSC encourages people to use strong email passwords. One technique is to use three random words, and not to reuse the password as a login credential on other websites. It recommends people use two-factor authentication, using a mobile phone as part of the log-on process, ideally by using a special authenticator app.

The cyber agency also advises people to exercise particular caution when receiving plausible-sounding messages from strangers who rely on Gmail, Yahoo, Outlook or other webmail accounts, sometimes impersonating “known contacts” of the target culled from social media.
