Yrs ago F-Secure reported that threat actor designated as #CallistoGroup
was targeting military personnel, govt. officials, #ThinkTank s and journalists from across #Europe and #SouthCaucasus since 2015 Oct.via #spearphishing from previously compromised email accounts
Dubbed #SeaBorgium by #Microsoft,#ColdRiver by #Google and #TA446 by #Proofpoint its biggest success was a #hack and #leak op:a #protonmail dump of former #MI6 director #RichardDearlove
involved in #BreXiT backed #LeaveUE campaign

It is good to be selective in choosing your LinkedIn connections. My golden rule has always been: have I worked with or met this person before, and would I work or meet with them again? With SEABORGIUM and TA453 running active spear-phishing campaigns, this is even more important.

The UK National Cyber Security Centre says that Russia-based SEABORGIUM and Iran-based TA453 actors are still using spear-phishing attacks to gather information from targeted organizations and individuals in the UK and elsewhere.

Even though the tactics, techniques, procedures, and targeting profiles are similar, these campaigns are different, and the two groups are not working together.

My top tips for you.
1. Only accept connections from people you actually know.
2. Re-evaluate your list of connections and consider whether each connection is truly part of your network.
3. Check your privacy settings.
4. Trust, but verify!

https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest

#cybersecurity #infosec #spearphishing #linkedin #SEABORGIUM #TA453

Shocking no one, #Callisto #SEABORGIUM #ColdRiver #TA446 did some naughty things.

https://therecord.media/russian-hacking-group-spoofed-microsoft-login-page-of-us-military-supplier-report/

PwC's #threatintel team published our reporting on Russia-based TA #BlueCallisto (aka #TAG53 #SEABORGIUM #Callisto). Though they have included Ukrainian targeting in their operations, they've maintained a focus on US government organizations including the US National Labs.

Reporting here:
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html

(Recorded Future also published research on the same actor who they call #TAG53
https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations)

(also posted on the bird site)

PwC's #threatintel team published our reporting on Russia-based TA #BlueCallisto (aka #TAG53 #SEABORGIUM #Callisto). Though they have included Ukrainian targeting in their operations, they've maintained a focus on US government organizations including the US National Labs.

Reporting here:
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html

(Recorded Future also published research on the same actor who they call #TAG53
https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations)

(also posted on the bird site)