Microsoft says it has disabled accounts belonging to the Seaborgium group, which was using them for phishing and data theft. The attackers used e-mail, OneDrive accounts and other Microsoft cloud services, as well as fake LinkedIn profiles. The group's activity is linked to Russia, reports The Register.
Seaborgium, also known as Coldriver, is blamed for the leak in which emails and documents were stolen from senior Brexit officials and published. Those documents were later circulated on social media to support the false narrative that their owners were plotting a coup d'état.
The group repeatedly targets the same kinds of organisations, primarily in the US and UK: consultancies in the defence and intelligence sector, non-governmental and intergovernmental organisations, think tanks and people working in higher education.
The attackers play a long game and may work a target for years. They build relationships with people in the fields they are interested in, or in the social circles of employees at the organisation they want to reach, by contacting them by e-mail and opening with an exchange of pleasantries. If the target responds, a follow-up message carries the payload: a link to a malicious URL, or a OneDrive-hosted attachment containing a link to a Seaborgium-controlled site built to harvest the user's credentials.
With those credentials the attackers can read the victim's mailbox and, posing as the victim, trick their contacts into handing over sensitive information.
To defend against Seaborgium, Microsoft recommends configuring Office 365 email security to block spoofed messages, spam and malware, and disabling automatic email forwarding, so that a compromised mailbox cannot be quietly copied to an attacker-controlled address.
It also recommends enforcing multifactor authentication and preferring its stronger, phishing-resistant methods, in particular FIDO security keys, over phone-based options such as SMS codes or voice calls.
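The forwarding part of that advice is the piece most often left half-done: tenant-wide auto-forwarding gets switched off, but per-mailbox forwarding settings and inbox rules planted after a credential theft are never audited. The following Exchange Online PowerShell script is an added example, not code from the article or from Microsoft's guidance. It assumes the ExchangeOnlineManagement module is installed, that the account running it holds Exchange Administrator rights, and that the tenant still uses the default policy names "Default" and "Office365 AntiPhish Default"; run it without -Enforce to audit only.

```powershell
# Added example: audit (and optionally remove) the automatic-forwarding paths an
# attacker with stolen credentials uses to siphon a mailbox, then make sure the
# default anti-phishing policy has spoof intelligence switched on.
# Assumptions: ExchangeOnlineManagement module present, Exchange Administrator
# rights, default policy names unchanged. Without -Enforce nothing is modified.
param(
    [switch]$Enforce
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in; use an MFA-protected admin account

# 1. Tenant-wide control: the outbound spam filter policy decides whether rules
#    may forward mail outside the organisation at all.
$policy = Get-HostedOutboundSpamFilterPolicy -Identity Default
Write-Host "Outbound spam policy AutoForwardingMode: $($policy.AutoForwardingMode)"
if ($Enforce -and $policy.AutoForwardingMode -ne 'Off') {
    Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
}
# Legacy remote-domain switch, still honoured for client-side auto-forward.
if ($Enforce) {
    Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
}

# 2. Per-mailbox forwarding set on the mailbox object itself.
$mailboxes  = Get-Mailbox -ResultSize Unlimited
$forwarding = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress,
                  DeliverToMailboxAndForward
Write-Host "Mailboxes with mailbox-level forwarding: $($forwarding.Count)"
$forwarding | Format-Table -AutoSize

# 3. Inbox rules that forward or redirect: the classic post-compromise
#    persistence, often given an innocuous name and hidden from the user.
$suspectRules = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Identity, Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}
Write-Host "Inbox rules that forward or redirect: $(@($suspectRules).Count)"
$suspectRules | Format-Table -AutoSize

if ($Enforce) {
    foreach ($f in $forwarding) {
        Set-Mailbox -Identity $f.UserPrincipalName `
            -ForwardingSmtpAddress $null -ForwardingAddress $null `
            -DeliverToMailboxAndForward $false
    }
    foreach ($r in $suspectRules) {
        # Disable rather than delete so the rule survives as evidence for IR.
        Disable-InboxRule -Identity $r.Identity -Mailbox $r.Mailbox -Confirm:$false
    }
}

# 4. Anti-spoofing: spoof intelligence and first-contact safety tips in the
#    default anti-phishing policy (policy name is an assumed tenant default).
if ($Enforce) {
    Set-AntiPhishPolicy -Identity 'Office365 AntiPhish Default' `
        -EnableSpoofIntelligence $true -EnableFirstContactSafetyTips $true
}

Disconnect-ExchangeOnline -Confirm:$false
```

Step 3 calls Get-InboxRule once per mailbox, which is slow in a large tenant; scope $mailboxes to the high-value population the article describes (policy, defence, research staff) for a first pass. Rules are disabled rather than removed so the incident responder can still see who the mail was being sent to and since when.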