
Several organizations spoofed in widespread Russian phishing operation

Russian state-sponsored threat group SEABORGIUM, also known as TA446, Callisto, and COLDDRIVER, has impersonated numerous companies and organizations, including Global Ordnance, UMO Poland, Blue Sky Network, and The Commission for International Justice and Accountability, as lures in a phishing operation, according to The Record, a news site by cybersecurity firm Recorded Future. SEABORGIUM has used 38 registered domains since January, including one spoofing the Microsoft login page of U.S. military weapons and hardware supplier Global Ordnance, a report from Recorded Future's Insikt Group showed. Most of the discovered domains were registered through NameCheap, Porkbun, REG.RU, and regway, and all of them had X.509 TLS certificates issued by Let's Encrypt. "Analysis of the 9 domains reveals that 7 share a focus around industry verticals that would likely be of interest to Russia-nexus threat groups, especially in light of the war in Ukraine. The 2 outlier domains are probably intended to masquerade as the Ministry of Internal Affairs of the Russian Federation," said researchers.
