LONDON – British cybersecurity officials are warning that hacking groups linked to Russia and Iran are duping people into clicking malicious links by impersonating journalists and experts.
The hackers, who have similar goals but are said to be working separately, have sought to steal e-mail messages from people working in academia, defence, the media and government, as well as from activists and non-governmental organisations, according to an advisory released on Thursday by Britain’s National Cyber Security Centre.
“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” said Mr Paul Chichester, the centre’s director of operations. “We strongly encourage organisations and individuals to remain vigilant to potential approaches and follow the mitigation advice in the advisory to protect themselves online.”
The Russian hackers, known as “Seaborgium” or “Cold River”, were linked by researchers from Google in May to a website that had published private e-mail messages from the former head of Britain’s MI6 intelligence agency. In 2022, the group also targeted scientists at three nuclear research laboratories in the United States, according to Reuters.
The Iranian hackers, also sometimes called “TA453” or “Charming Kitten”, have previously been observed targeting officials at the World Health Organisation and scholars who specialise in Middle Eastern issues.
The hackers study their targets’ interests and identify their real-world social or professional contacts, according to Britain’s cybersecurity centre. They have also created fake social media or networking profiles and tricked their victims by sending supposed conference or event invitations, according to the centre. BLOOMBERG