CyberNews Briefs

Spy group abuses Microsoft OneDrive to steal credentials in hack-and-leak campaigns

Microsoft has warned that a highly persistent Russian threat actor is targeting NATO nations with cyberattacks such as credential theft campaigns. The attacks aim to compromise OneDrive accounts, steal data, and then selectively leak information to sway public opinion and push an agenda. The group, referred to as Seaborgium, has specifically targeted the US and the UK, but the Baltics, the Nordics, Eastern Europe, and Ukraine have also been targeted. Microsoft reported that on at least one occasion, the group leaked data in what researchers identified as a disinformation campaign.

The Microsoft Threat Intelligence Center (MSTIC) has been studying the threat actor's moves, specifically how it abuses OneDrive, to gain insight into the group's overall activities. The group has used a OneDrive link as a lure in attachments that impersonate the service, and has also abused OneDrive to host PDFs containing malicious URLs. In addition, security researchers from Google have claimed that the threat actors COLDRIVER and TA446 overlap with Seaborgium.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.