The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state interests. Its campaigns involve persistent phishing and credential theft leading to intrusions and data theft. SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries. While we cannot rule out that supporting elements of the group may have current or prior affiliations with criminal or other nonstate ecosystems, MSTIC assesses that information collected during SEABORGIUM intrusions likely supports traditional espionage objectives and information operations as opposed to financial motivations.
MALWARE FAMILY: SEABORGIUM
ATT&CK IDS: T1566 - Phishing, T1490 - Inhibit System Recovery, T1189 - Drive-by Compromise, T1056 - Input Capture, T1140 - Deobfuscate/Decode Files or Information, T1027 - Obfuscated Files or Information, T1124 - System Time Discovery