UK cyber-chiefs warn key sectors about Russia, Iran attacks

UK cyber-security chiefs on Thursday warned that Russia and Iran were increasingly targeting government officials, journalists and NGOs with so-called "spear-fishing" attacks in order to "compromise sensitive systems".

The National Cyber Security Centre (NCSC) urged those in such roles to familiarise themselves with material on its website explaining the techniques and tactics used by the attackers as well as mitigation advice.

Spear-phishing involves an attacker sending malicious links to specific targets "in order to try to induce them to share sensitive information".

The cyber-attacker often undertakes "reconnaissance activity around their target" in order tailor their attacks more effectively, said the NCSC.

They often approach targets via email, social media and professional networking platforms, "with attackers impersonating real-world contacts of their targets, sending false invitations to conferences and events, and sharing malicious links disguised as Zoom meeting URLs."

The NCSC said that Russia-based group SEABORGIUM and Iran-based group TA453 had targeted a range of organisations and individuals in the UK and abroad throughout 2022.

"The attacks are not aimed at the general public but targets in specified sectors, including academia, defence, government organisations, NGOs, think-tanks, as well as politicians, journalists and activists," it added.

Paul Chichester, NCSC Director of Operations, said that actors based in Russia and Iran "continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

"We strongly encourage organisations and individuals to remain vigilant to potential approaches," he added.

Potential targets are urged to use "strong and separate passwords" for online accounts, to keep networks and devices up to date, to enable their email providers' automated email scanning features and to disable mail-forwarding.