HT TECH wants to start sending you push notifications. Click allow to subscribe

BEWARE! Microsoft warns of "SEABORGIUM" phishing attack

Microsoft has warned users to stay safe from SEABORGIUM phishing attack.
By: SHAURYA TOMER
Updated on: Aug 16 2022, 18:13 IST
Attackers impersonate official Microsoft emails and target their clients. (HT_PRINT)
Attackers impersonate official Microsoft emails and target their clients. (HT_PRINT)

Microsoft has issued a warning for Microsoft clients regarding a phishing attack that is doing the rounds. The warning was issued by Microsoft’s Threat Intelligence Center (MSTIC). The phishing attack, called SEABORGIUM, targets Microsoft’s clients posing as security experts from Microsoft via email. Although this phishing scheme, which originated in Russia has been present since 2017, it has recently popped up again, targeting a number of people before it was red-flagged by Microsoft’s Threat Intelligence Center.

How does it work?

In this phishing scheme, the threat actor targets the same organization slowly over a long period of time. According to Microsoft, once it is successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion. It builds rapport and develops trust with the target organization.

Top Gadgets

Mobiles Laptops Tablets
Microsoft Nokia 222
  • Black
  • 16 MB RAM
₹2,860
Check details
Microsoft Nokia 215 Dual Sim
  • Black
  • 8 MB Storage
₹11,989
Check details
Itel MX Play
  • Light Green
  • 48 MB RAM
  • 128 MB Storage
₹2,239₹2,999
Buy now
Xiaomi Redmi Note 11 SE
  • Bifrost Blue
  • 6 GB RAM
  • 64 GB Storage
₹13,499
Check details
View More Mobiles
Microsoft Surface Pro 9
  • 8 GB LPDDR5 RAM RAM
₹124,999₹149,999
Buy now
Microsoft Surface 4
  • 8 GB DDR4 RAM RAM
₹115,900₹145,990
Buy now
Microsoft Surface 4 5UI 00049
  • 8 GB DDR4 RAM RAM
₹130,561₹145,999
Buy now
Microsoft Surface Studio A1Y 00022
  • 16 GB LPDDR4X RAM RAM
₹208,090₹215,999
Buy now
View More Laptops
Realme Pad
  • Real Gold
  • 3 GB RAM
  • 32 GB Storage
₹19,999₹32,999
Buy now
Lenovo Tab P11
  • Platinum Grey
  • 4 GB RAM
  • 128 GB Storage
₹16,999₹32,000
Buy now
Realme Pad LTE
  • Real Gold
  • 3 GB RAM
  • 32 GB Storage
₹16,800₹29,999
Buy now
Moto Tab G20
  • Platinum Grey
  • 3 GB RAM
  • 32 GB Storage
₹10,999
Check details
View More Tablets

The threat actors use numerous emails impersonating real employees of Microsoft. The company says that the SEABORGIUM actor delivers malicious URLs directly in an email or via attachments as you can see below, often imitating hosting services like Microsoft's own OneDrive.

Also read: Looking for a smartphone? To check mobile finder click here.

A phishing kit known as EvilGinx is used to steal the victim’s personal and financial information. A phishing portal is designed which looks exactly like the Microsoft’s to fool victims into entering their login credentials.

Microsoft has explained that, “In limited cases, SEABORGIUM has been observed setting up forwarding rules from victim inboxes to actor-controlled dead drop accounts where the actor has long-term access to collected data. On more than one occasion, we have observed that the actors were able to access mailing-list data of sensitive groups, such as those frequented by former intelligence officials, and maintain a collection of information from the mailing-list for follow-on targeting and exfiltration.”

“There have been several cases where SEABORGIUM has been observed using their impersonation accounts to facilitate dialog with specific people of interest and, as a result, were included in conversations, sometimes unwittingly, involving multiple parties. The nature of the conversations identified during investigations by Microsoft demonstrates potentially sensitive information being shared that could provide intelligence value,” the company added further.

So, until Microsoft publishes another security patch, it is best advised to not open unrecognized attachments from unknown sources.

Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, , and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 16 Aug, 18:13 IST
NEXT ARTICLE BEGINS