The UK's National Cyber Security Centre (NCSC) urged those in such roles to familiarize themselves with material on its website explaining the techniques and tactics used by the attackers as well as mitigation advice.
The NCSC said that Russia-based group SEABORGIUM and Iran-based group TA453 had targeted a range of organizations and individuals in the UK and abroad throughout 2022.
"The attacks are not aimed at the general public but targets in specified sectors, including academia, defense, government organizations, NGOs, think-tanks, as well as politicians, journalists and activists," it added.
Paul Chichester, NCSC Director of Operations, said that actors based in Russia and Iran "continue to ruthlessly pursue their targets in an attempt to steal online credentials and compromise potentially sensitive systems.
"We strongly encourage organizations and individuals to remain vigilant to potential approaches," he added.
The cyber-attacker often undertakes "reconnaissance activity around their target" in order tailor their attacks more effectively, said the NCSC.
They often approach targets via email, social media and professional networking platforms, "with attackers impersonating real-world contacts of their targets, sending false invitations to conferences and events, and sharing malicious links disguised as Zoom meeting URLs."
Potential targets are urged to use "strong and separate passwords" for online accounts, to keep networks and devices up to date, to enable their email providers' automated email scanning features and to disable mail-forwarding.