Pulse name: Disrupting SEABORGIUM’s ongoing phishing operations | Microsoft Security Blog
WHITE | SEABORGIUM, Star Blizzard | cnoscsoc@att.com | 2023-12-07 | Modified: 2023-12-07
69 IOCs | HIGH VOLUME
SEABORGIUM is a highly persistent threat actor, frequently targeting the same organizations over long periods of time. Once successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion. SEABORGIUM has successfully compromised organizations and people of interest in consistent campaigns for several years, rarely changing methodologies or tactics. Based on known indicators of compromise and actor tactics, SEABORGIUM overlaps with the threat groups tracked as Callisto Group (F-Secure), TA446 (Proofpoint) and COLDRIVER (Google). Security Service of Ukraine (SSU) has associated Callisto with Gamaredon Group (tracked by Microsoft as ACTINIUM); however, MSTIC has not observed technical intrusion links to support the association.
Indicators of Compromise (69)