A Russian state-sponsored hacking group has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a U.S.-based military weapons and hardware supplier.
Cybersecurity firm Recorded Future discovered 38 domains, nine of which contained references to companies including UMO Poland, the Commission for International Justice and Accountability and the Russian Ministry of Internal Affairs.
The cybersecurity firm attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, which is also broadly known as Blue Callisto, Callisto, COLDRIVER, SEABORGIUM, and TA446. Additionally, the threat actor has been linked with low confidence to a spear-phishing operation targeting Ukraine’s Ministry of Defence, which coincided with the onset of Russia’s military invasion.
The development comes nearly four months after Microsoft disclosed that it took steps to disrupt phishing and credential theft attacks mounted by the group with the goal of breaching defense and intelligence consulting companies as well as NGOs, think tanks, and higher education entities in the U.K. and the U.S.
Meanwhile, Microsoft has warned of “potential Russian attack in the digital domain over the course of this winter”, pointing out Moscow’s “multi-pronged hybrid technology approach” of conducting cyber strikes against civilian infrastructure and influence operations seeking to fuel discord in Europe.