Microsoft and U.S. authorities said on Thursday that a hacking group tied to Russian intelligence attempted to hack into the systems of dozens of Western think tanks, journalists and former military and intelligence officials. Targets included former U.S. intelligence employees, former and current Department of Defense personnel, Department of State employees, Department of Energy staff, U.S. military contractors and U.S.-based companies.
The Department of Justice revealed that authorities have seized 41 internet domains used by Russian intelligence agents and their proxies, and coordinated the takedowns with tech giant Microsoft, which seized an additional 66 unique domains operated by the same group. The domains were intended to steal valuable information from U.S. government computers and email accounts.
In an unsealed warrant, the DOJ accused the "Callisto Group," a unit under Russia's FSB security service, of orchestrating an "ongoing and sophisticated spear phishing campaign" aimed at gaining unauthorized access to the computers and email accounts of victims. The group, known as Star Blizzard to cyberespionage experts, targeted its victims with emails that appeared to come from a trusted source — a tactic known as spear phishing. The Callisto Group has been actively launching cyberattacks since at least 2017 and had recently targeted nonprofits, think tanks and officials who have "provid[ed] support to Ukraine and in NATO countries such as the United States and the United Kingdom, as well as in the Baltics, Nordics, and Eastern Europe."
According to a blog post published by Microsoft's Digital Crimes Unit on Thursday, Microsoft observed the nation-state actor target "over 30 civil society organizations (journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive) by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities" between January 2023 and August 2024.
Deputy Attorney General Lisa Monaco said in a statement: "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade."