The National Security Agency, in collaboration with the Cybersecurity and Infrastructure Security Agency and the U.K. National Cyber Security Center, has released a cybersecurity advisory warning organizations against specific spear-phishing techniques used by the Russian hacking group Star Blizzard.
Star Blizzard, formerly known as SEABORGIUM or BlueCharlie, uses the open-source framework EvilGinx in spear-phishing activities to harvest credentials and session cookies, which allows it to bypass multifactor authentication, the NSA said Thursday.
The group targets government and military agencies, think tanks, academic institutions and other organizations in the U.K. and the U.S. for espionage and cyber influence activities.
Rob Joyce, director of NSA’s Cybersecurity Directorate and a two-time Wash100 awardee, said the Russian Federal Security Service-linked group aims to target personal email accounts, where it can still access “sensitive information but often with a lower security bar.”
The NSA recommended that organizations use strong passwords, enable multifactor authentication, keep networks and devices updated, avoid clicking suspicious links, enable automated email scanning features and disable mail forwarding.