US authorities seize more than 100 websites linked to cybercrime

The Russian group allegedly targeted US government officials, journalists and NGOs to gain sensitive data.

The US government has seized 41 internet domains used by alleged Russian state-sponsored intelligence agents to steal sensitive information and commit computer fraud using spear phishing campaigns.

In a statement yesterday (3 October), the Department of Justice (DoJ) said that the software giant Microsoft had worked in a “coordinated response” with the US government to dismantle the group’s infrastructure and had filed a civil action to seize 66 additional internet domains controlled by the group.

The seized domains were used by the ‘Callisto Group’, a unit within the Russian Federal Security Service, or people working for them. The DoJ said that the group obtained sensitive government data by accessing protected computers and conducted spear-phishing campaigns to steal data from US government emails, among others.

According to the justice department, the group targeted US companies, former employees of the US intelligence community, former and current Department of Defense and Department of State employees, US military defence contractors and staff at the Department of Energy.

“This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack US and international targets,” said US attorney Ismail J Ramsey for the northern district of California.

Microsoft’s Digital Crimes Unit, which calls this group ‘Star Blizzard’, claimed that it targeted more than 30 civil society organisations, including journalists, think tanks and NGOs, between January 2023 and August 2024 using spear-phishing campaigns to extract sensitive information.

“Star Blizzard is persistent,” said Microsoft in a statement. “They meticulously study their targets and pose as trusted contacts to achieve their goals.”

Since January 2023, the crimes unit has identified 82 customers targeted by this group, which attacked approximately one target per week.

Yesterday, the company announced that it has filed its civil action, together with the NGO Information Sharing and Analysis Center, to seize the 66 malicious internet domains.

“This case underscores the importance of the FBI’s enduring partnerships with private sector companies, which allow for rapid information sharing and coordinated action. With these seizures, we’ve disrupted a sophisticated cyberthreat aimed at compromising sensitive government intelligence and stealing valuable information,” said FBI special agent in charge Robert Tripp.

“Today’s success highlights the power of collaboration in safeguarding the US against state-sponsored cybercrime.”

Last December, the US government indicted two Russian nationals working with the Callisto Group for hacking into computer networks in the US, UK, other NATO members and Ukraine with the aim of influencing the 2019 UK elections.

Earlier this week, the US, along with the UK and Australia, sanctioned 16 members of the Russian cybercrime gang Evil Corp, which is believed to have extorted at least $300m from victims worldwide.

Suhasini Srinivasaragavan is a sci-tech reporter for Silicon Republic