Microsoft has disrupted the suspected Russian state-sponsored advanced persistent threat group SEABORGIUM, which has been conducting cyberespionage attacks against government officials, military officials, journalists, and think tanks across Europe and the South Caucasus over the past five years, SecurityWeek reports.
SEABORGIUM's indicators of compromise and tactics overlap with earlier reports from Google and F-Secure, which have dubbed the APT COLDRIVER and Callisto Group, respectively, according to a Microsoft report.
Aside from abusing OneDrive to host the malicious documents included in its phishing emails, SEABORGIUM also leveraged fraudulent LinkedIn accounts in its persistent phishing, data theft, and credential theft campaigns. Researchers also observed that some SEABORGIUM campaigns involved the creation of inbox forwarding rules that sent mail from victims' mailboxes to accounts under the actors' control.
"On more than one occasion, we have observed that the actors were able to access mailing-list data for sensitive groups, such as those frequented by former intelligence officials, and maintain a collection of information from the mailing-list for follow-on targeting and exfiltration," said Microsoft.
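The forwarding rules described above are among the more reliably detectable steps of this tradecraft. The Python below is an added example, not code from Microsoft's report or from SecurityWeek: it scans audit records constructed in the general shape of Microsoft 365 Unified Audit Log inbox-rule events (the field names are assumed, and the sample entries are invented) and flags rule creations or changes that forward or redirect mail to addresses outside the organisation's domains.

```python
"""Flag inbox rules that forward or redirect mail outside the organisation."""
import json

# Constructed sample records in the general shape of Microsoft 365 Unified
# Audit Log (Exchange) entries. Field names are assumed; values are invented.
SAMPLE_AUDIT_LOG = [
    {"Operation": "New-InboxRule", "UserId": "analyst@example.org", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "Archive <archive@mail-example.net>"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "Set-InboxRule", "UserId": "editor@example.org", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "New-InboxRule", "UserId": "chair@example.org", "ClientIP": "192.0.2.5",
     "Parameters": [{"Name": "Name", "Value": "copy"},
                    {"Name": "RedirectTo", "Value": "colleague@example.org"}]},
]

INTERNAL_DOMAINS = {"example.org"}          # assumed: the organisation's own domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")


def _recipients(value):
    """Split a ';'-separated recipient list and strip display names like 'Name <addr>'."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if "<" in part and part.endswith(">"):
            part = part[part.rindex("<") + 1:-1]
        if part:
            out.append(part.lower())
    return out


def is_external(address, internal_domains=INTERNAL_DOMAINS):
    return address.rsplit("@", 1)[-1] not in internal_domains


def find_external_forwarding(records, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per rule action that sends mail to an external recipient."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        for action in FORWARDING_PARAMS:
            if action not in params:
                continue
            external = [a for a in _recipients(params[action]) if is_external(a, internal_domains)]
            if external:
                findings.append({"user": rec.get("UserId"), "client_ip": rec.get("ClientIP"),
                                 "operation": rec["Operation"], "action": action,
                                 "recipients": external,
                                 # a rule that also deletes the original hides the theft from the victim
                                 "deletes_original": params.get("DeleteMessage", "False").lower() == "true"})
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_AUDIT_LOG):
        print(json.dumps(finding))
```

Internal-to-internal redirects and folder-move rules are deliberately ignored so that the output stays small enough to review by hand.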