The Microsoft Threat Analysis Center (MSTIC) has issued a warning about a phishing campaign called “SEABORGIUM”. Microsoft believes that while it’s not new, it’s been around since at least 2017, and has observed enough of SEABORGIUM and its work to publish comprehensive guidance that can help potential victims avoid it.

The dangerous thing about this campaign is how threat actors launch their attacks. Initially, they conducted reconnaissance or close surveillance of potential victims using fake social media profiles. Multiple e-mail addresses are also created to imitate the real identities of natural persons with communication targets.

Below is an example of a recent email sent by threat actors to targets to build trust and compliance:

After that, Microsoft says SEABORGIUM members offer malicious URLs directly in email or attachments, often impersonating hosting services like Microsoft’s OneDrive, as you can see below: