Russian and Iranian hackers 'targeting' British politicians and journalists, warns UK cyber agency

The National Cyber Security Centre has warned about the activities of hacking groups SEABORGIUM and TA453, based in Russia and Iran, who have targeted UK NGOs, journalists and politicians.
2 min read
26 January, 2023
Russian and Iranian groups have accused of targeting a number of US and UK organisations in the past [Getty]

State-linked Russian and Iranian hackers have used advanced methods to target British politicians, journalists and NGOs, the National Cyber Security Centre (NCSC) warned on Thursday.

In a press release, the UK security and cyber agency said that two groups are using the spear-phishing method to target a range of sectors including think tanks, government organisations, and NGOs, as well as journalists, politicians and activists in Britain and elsewhere.

Spear-phishing involves sending malicious links in order to convince targets to send sensitive information such as login details which could potentially expose high-profile figures or leak conversations. It can also infect a target's device with malware.

The NCSC has warned organisations and individuals not to click on unfamiliar URLs that could be linked to malicious activity, drawing particular attention to the threat from Russian and Iranian hackers.

In-depth
Live Story

The agency said that the Russian-based SEABORGIUM and Iran-based TA453 - also known as APT42 - have been behind a string of separate malicious campaigns in 2022 targeting UK organisations and individuals for information-gathering reasons.

The campaigns coincided with major events such as the Russian invasion of Ukraine, as well as the ongoing protests in Iran, which have resulted in London slapping multiple sanctions on Tehran.

Paul Chichester, the NCSC's Director of Operations said: "The campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems."

The NCSC urged people at risk of attack to use strong and separate passwords for email accounts, to activate multi-factor authentication, and to enable the email providers' automated scanning feature.

Malicious actors typically research their target and subsequently gain their trust, before employing a technique that will make the target click on a malicious link or attachment, which will ultimately result in the user sharing sought-after information.

Hackers may also impersonate individuals likely to contact the phishing victim by sending bogus invites to meetings and conferences, or by engaging in conversations over a series of emails and networking platforms in order to dupe the target.

 

Last year, the SEABORGIUM Russian hacking group was suspected of targeting three nuclear research laboratories in the US, and was also accused of hacking and leaking emails from the former director of MI6 Richard Dearlove, according to The Guardian.

Meanwhile, the Iranian group TA453 was accused of targeting US politicians last year. In 2017, a cyber attack on emails belonging to dozens of UK MPs, including then-Prime Minister Theresa May, was blamed on Iranian hackers.