Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier
Dec 07, 2022
Password Security / Cyber Threat
A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier.

Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, which is broadly known by the cybersecurity community as Blue Callisto, Callisto, COLDRIVER, SEABORGIUM, and TA446.

"Based on historical public reporting on overlapping TAG-53 campaigns, it is likely that this credential harvesting activity is enabled in part through phishing," Recorded Future's Insikt Group said in a report published this week.

The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability (CIJA), and the Russian Ministry of Internal Affairs. It's suspected that the t