reports that organizations have been warned by the U.K.'s National Cyber Security Centre regarding separate spear-phishing campaigns by Russian state-sponsored advanced persistent threat group Seaborgium, also known as Blue Callisto, Callisto, and Coldriver,
and Iranian state-sponsored hacking operation TA453, also known as APT35, Charming Kitten, and Phosphorus, targeted at government organizations, think tanks, activists, journalists, and politicians.
Both Seaborgium and TA453 commence their campaigns with the use of open source intelligence for reconnaissance on their targets, with fraudulent email accounts, websites, and invitations leveraged to obtain trust from victims and lure them to phishing pages that harvest their email credentials, according to the NCSC. Aside from establishing forwarding rules in email accounts they have compromised, both groups have also exploited contact lists for future intrusions.
"Although spear-phishing is an established technique used by many actors, Seaborgium and TA453 continue to use it successfully and evolve the technique to maintain their success," said the NCSC.