NSA, NCSC-UK Release Guidance on Russian Spear-Phishing Techniques

The National Security Agency and the UK National Cyber Security Centre have issued a cybersecurity advisory warning organizations about Russian spear-phishing techniques.

The CSA focuses on how Russia’s Star Blizzard hacking group uses spear-phishing to illegally access various kinds of information, including those owned by the defense sector, national governments, non-government organizations and academia. The report reveals that Star Blizzard uses the EvilGinx framework to obtain credentials and session cookies to bypass multifactor authentication.

The CSA also included measures to help organizations fend off Star Blizzard’s spear-phishing attempts. They include using multifactor authentication, updating networks and devices and identifying suspicious emails and links, the NSA said.

The agency continues to release various kinds of warnings and documents amid growing cybersecurity concerns and evolving technologies.

Earlier in December, the NSA and its partners within and outside the United States released a cybersecurity information sheet informing organizations about memory-related vulnerabilities facing software products. The CSI includes recommendations for protecting software products, including using memory-safe language, developing appropriate code guidance and implementing internal training and integration plans.

In October, the NSA released a CSI on how agencies and their partners assess their systems under the zero trust cybersecurity principle.