Microsoft has warned users to stay safe from the SEABORGIUM phishing attack.
Microsoft has issued a warning to its customers about an ongoing phishing attack. The warning was issued by the Microsoft Threat Intelligence Center (MSTIC). The phishing attack, called SEABORGIUM, targeted Microsoft customers via email, with the attackers posing as Microsoft security experts. While this phishing scheme, which originated in Russia, has been around since 2017, it has recently resurfaced, targeting several people before being flagged by Microsoft’s Threat Intelligence Center.
How does it work?
In this phishing scheme, the attacker slowly targets the same organization over a long period of time. According to Microsoft, once successful, the attacker slowly infiltrates the social networks of the target organization through continuous impersonation, relationship building and phishing to penetrate deeper, building relationships and developing trust with the target organization.
The threat actors use a variety of emails impersonating real Microsoft employees. The company says that the SEABORGIUM actor delivers malicious URLs directly in emails or via attachments, often mimicking storage services like Microsoft’s OneDrive.
A phishing toolkit called EvilGinx is used to steal victims’ personal and financial information. The phishing portal is designed to look exactly like Microsoft’s to trick victims into entering their credentials.
Microsoft explained that, “Under limited circumstances, SEABORGIUM has been observed establishing forwarding rules from victims’ inboxes to actor-controlled dead drop accounts, where the actor has permanent access to the collected data. On more than one occasion, we have observed that actors can access the mailing list data of sensitive groups, such as those frequented by former intelligence officials, and maintain a collection of information from mailing lists for targeted tracking and exfiltration.”
“There have been a number of cases where SEABORGIUM was observed using their impersonated accounts to facilitate dialogue with specific interested persons and were thus inserted into the conversations, sometimes unwittingly, involving multiple parties. The nature of the conversations identified during Microsoft’s investigation suggests that sensitive information could be shared that could provide intelligence value,” the company added.
So until Microsoft publishes another security patch, it’s best not to open unrecognized attachments from unknown sources.
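The forwarding rules Microsoft describes can be looked for in mailbox audit data. The following is an added example, not code from Microsoft or from the original article: it scans audit records for inbox rules or mailbox settings that forward mail outside the organization. The record layout is a simplified, constructed version of Exchange audit JSON, and the `contoso.example` domain and all sample addresses are assumptions.

```python
import json

# Cmdlets and parameters that make a mailbox send copies of its mail elsewhere.
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
INTERNAL_DOMAINS = {"contoso.example"}  # assumption: the organization's own mail domains

# Constructed sample records (one JSON object per line), not real audit data.
SAMPLE_LOG = """
{"CreationTime": "2022-08-16T09:12:03", "UserId": "alice@contoso.example", "Operation": "New-InboxRule", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "drop@mailbox.example"}]}
{"CreationTime": "2022-08-16T09:40:11", "UserId": "bob@contoso.example", "Operation": "New-InboxRule", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"CreationTime": "2022-08-16T10:02:47", "UserId": "carol@contoso.example", "Operation": "Set-Mailbox", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@contoso.example"}]}
{"CreationTime": "2022-08-16T11:30:00", "UserId": "dave@contoso.example", "Operation": "Set-InboxRule", "Parameters": [{"Name": "RedirectTo", "Value": "helpdesk@contoso.example;notes@webmail.example"}]}
{"CreationTime": "2022-08-16T11:31:09", "UserId": "dave@contoso.example", "Operation": "MailItemsAccessed", "Parameters": []}
"""

def addresses(value):
    """Split a parameter value into bare lower-case SMTP addresses."""
    found = []
    for part in value.replace(",", ";").split(";"):
        part = part.strip().strip('"').lower()
        if part.startswith("smtp:"):
            part = part[len("smtp:"):]
        if "@" in part:
            found.append(part)
    return found

def external_forwards(lines, internal=INTERNAL_DOMAINS):
    """Return (time, user, operation, address) for each forward to a non-internal domain."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("Operation") not in RULE_OPS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            for addr in addresses(param.get("Value", "")):
                if addr.rsplit("@", 1)[1] not in internal:
                    findings.append((rec["CreationTime"], rec["UserId"], rec["Operation"], addr))
    return findings

if __name__ == "__main__":
    for finding in external_forwards(SAMPLE_LOG.splitlines()):
        print("external forwarding:", *finding)
```

Each finding is a lead for review rather than proof of compromise, since some users set up external forwarding themselves.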