GCHQ’s National Cyber Security Centre (NCSC) is warning individuals and businesses about targeted phishing attacks from cyber actors based in Russia and Iran.

The attacks, called 'spear-phishing', involve a cybercriminal sending malicious links to specific targets—via email or other routes—in an attempt to get them to share sensitive information.

The NCSC said that throughout last year separate malicious campaigns were carried out by two groups based in Russia and Iran, to target a range of organisations and people in the UK for information-gathering purposes.

The groups are not targeting the general public; instead they are focussing on people from specific sectors, including: academia; defence; government organisations; NGOs; think-tanks; politicians; journalists; and activists.

The organisation published an advisory this week which shares details about the techniques used by attackers as well as advice to address the threat of attacks. It reveals that approaches have been made through email, social media and professional networking platforms, with attackers impersonating real-world contacts of their targets, sending false invitations to conferences and events, and sharing malicious links disguised as Zoom meeting URLs.

“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems,” said Paul Chichester, NCSC director of operations.

Chichester strongly encouraged organisations and individuals to “remain vigilant” and follow guidance from the NCSC.

The organisation says that initial contact may appear benign, as the attack aims to build trust and a rapport with the target. After this, they will use typical phishing methods to share malicious links that can lead to credential theft.

The NCSC has called on organisations and individuals to use strong and separate passwords for email accounts, turn on multi-factor authentication, keep devices and networks up to date, enable email providers' automated email scanning features, and disable mail-forwarding.

Share Story: