Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Asharq Al-Awsat
Asharq Al-Awsat
World
Asharq A-Awsat

UK Cyber-chiefs Warn Key Sectors About Russia, Iran Attacks

Spear-phishing involves an attacker sending malicious links to specific targets. Reuters

UK cyber-security chiefs on Thursday warned that Russia and Iran were increasingly targeting government officials, journalists and NGOs with so-called "spear-fishing" attacks in order to "compromise sensitive systems".

The National Cyber Security Center (NCSC) urged those in such roles to familiarize themselves with material on its website explaining the techniques and tactics used by the attackers as well as mitigation advice.

Spear-phishing involves an attacker sending malicious links to specific targets "in order to try to induce them to share sensitive information,” AFP reported.

The cyber-attacker often undertakes "reconnaissance activity around their target" in order to tailor their attacks more effectively, said the NCSC.

They often approach targets via email, social media and professional networking platforms, "with attackers impersonating real-world contacts of their targets, sending false invitations to conferences and events, and sharing malicious links disguised as Zoom meeting URLs."

The NCSC said that Russia-based group SEABORGIUM and Iran-based group TA453 had targeted a range of organizations and individuals in the UK and abroad throughout 2022.

"The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think-tanks, as well as politicians, journalists and activists," it added.

Paul Chichester, NCSC Director of Operations, said that actors based in Russia and Iran "continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.

"We strongly encourage organizations and individuals to remain vigilant to potential approaches," he added.

Potential targets are urged to use "strong and separate passwords" for online accounts, to keep networks and devices up to date, to enable their email providers' automated email scanning features and to disable mail-forwarding.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.