Russian state cyber actors’ global spear-phishing campaigns

12:00am, 8 December 2023

TLP Rating: Clear

New Zealand’s National Cyber Security Centre (NCSC) has issued a joint advisory highlighting Russian state cyber actors’ global spear-phishing campaigns and providing information on the actors’ tactics, techniques, and procedures. 

The advisory has been issued in partnership with the: 

  • UK National Cyber Security Centre (NCSC-UK), 
  • US Cybersecurity and Infrastructure Security Agency (CISA), 
  • US Federal Bureau of Investigation (FBI), 
  • US National Security Agency (NSA), 
  • US Cyber National Mission Force (CNMF), 
  • Australian Cyber Security Centre (ACSC), and
  • Canadian Centre for Cyber Security (CCCS).

Joint advisory: Russian state cyber actors’ global spear-phishing campaigns [PDF, 1.3 MB]

What's happening

Systems affected

This advisory, titled "Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns", details the Russia-based actor Star Blizzard (formerly SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) and its continued use of successful spear-phishing attacks against targeted organisations and individuals in the UK and other geographical areas of interest, as part of information-gathering operations.

What this means

The authoring agencies assess that Star Blizzard is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18. This advisory draws on previously published industry reporting and outlines spear-phishing techniques Star Blizzard uses to target individuals and organisations. 

What to look for

How to tell if you're at risk

If your organisation or role involves sensitive data, policy, or research (particularly in areas of geopolitical interest), you may be a target for spear-phishing. Review recent communications for suspicious or unexpected sender behaviour.

What to do

Prevention

Organisations should implement phishing-resistant multi-factor authentication, user awareness training, and email filtering. Review the advisory’s tactics and indicators to strengthen email security and monitoring.

More information