Microsoft and the U.S. Justice Department have joined forces to disrupt a Russian hacking group’s operations, seizing over 100 websites used in cyberattacks against American officials and organizations.
At a Glance
- Microsoft and DOJ seized 107 websites used by Star Blizzard, a Russian intelligence-linked hacking group.
- Star Blizzard allegedly targeted Western think tanks, journalists, former military and intelligence officials, and U.S. companies.
- The group is accused of using sophisticated spear-phishing tactics to steal sensitive information.
- Two Russian men have been charged in connection with Star Blizzard’s activities.
Star Blizzard’s Cyber Espionage Campaign
A Russian intelligence-linked hacking group known as Star Blizzard has been at the center of a major cybersecurity operation led by Microsoft and the U.S. Department of Justice. The group, also tracked as ColdRiver, Callisto Group, and Seaborgium, has been reportedly active since at least 2017 and is believed to be connected to Russia’s Federal Security Service (FSB). Star Blizzard’s alleged targets have included Western think tanks, journalists, former military and intelligence officials, U.S. companies, and government agencies.
The hacking group’s primary method of attack reportedly involves sophisticated spear-phishing campaigns. These targeted emails, designed to appear as if they’re from trusted sources, aim to trick recipients into revealing their login credentials. Once obtained, this information allows the hackers to access sensitive systems and data.
The US and Microsoft disrupt a Russian hacking group targeting American officials and nonprofitshttps://t.co/O3R3aNL2Rk
— MSN (@MSN) October 3, 2024
Microsoft and DOJ’s Countermeasures
In a significant move to counter Star Blizzard’s activities, Microsoft’s Digital Crimes Unit and the U.S. Department of Justice have seized 107 websites used by the hacking group. This operation was authorized by a U.S. court, with Microsoft taking control of 66 domains through civil action and the DOJ seizing the remaining 41.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” stated Deputy Attorney General Lisa Monaco. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
This coordinated effort aims to disrupt the infrastructure used by cyber espionage actors to attack U.S. and international targets. The operation comes at a critical time when foreign interference in U.S. democratic processes is of utmost concern.
Expanding Targets and Evolving Tactics
Star Blizzard’s activities have become increasingly concerning, especially since Russia’s invasion of Ukraine in 2022. The group has allegedly expanded its attacks to include defense-industrial targets and U.S. Department of Energy facilities. Between January 2023 and August 2024, Microsoft observed Star Blizzard targeting over 30 civil society organizations, including journalists, think tanks, and non-governmental organizations crucial to democratic processes.
“Star Blizzard’s ability to adapt and obfuscate its identity presents a continuing challenge for cybersecurity professionals,” Microsoft wrote in a report on its findings.
The group’s persistence, deep research of targets, and skilled impersonation of trusted contacts have made it a formidable threat. Despite the recent disruptions, Microsoft warns that Star Blizzard is likely to establish new infrastructure to continue its operations.
Legal Action and Future Vigilance
In addition to the website seizures, U.S. authorities have charged two Russian men in connection with Star Blizzard’s activities. Both individuals are believed to be in Russia, highlighting the challenges of bringing international cybercriminals to justice.
“This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets,” U.S. Attorney Ismail J. Ramsey added.
As the threat landscape continues to evolve, collaboration between government agencies and private sector companies like Microsoft remains crucial in combating sophisticated cyber threats. The action against Star Blizzard serves as a reminder of the ongoing need for vigilance and proactive measures to protect sensitive information and national security interests.
Sources
- The US and Microsoft disrupt a Russian hacking group targeting American officials and nonprofits
- Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts
- U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
- Protecting Democratic Institutions from Cyber Threats