DOJ seizes 41 Russian-controlled domains in cyber-espionage crackdown

The US Department of Justice (DOJ) has seized 41 internet domains used by Russian intelligence agents and their allies for cyberattacks on the US. This marks a major move to block state-sponsored cybercriminals from stealing sensitive information.

“These Russian domains were being used to trick Americans into giving up their personal data,” Deputy Attorney General Lisa Monaco said in a statement. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.”

The seized domains were used by a hacker group known as the Callisto Group, linked to an operational unit within Center 18 of the Russian Federal Security Service (FSB), to gain unauthorized access to computers in order to obtain information from US departments and agencies, the DOJ statement added.

The group carried out spear phishing campaigns designed to gain unauthorized access to the computers and email accounts of US government agencies, defense contractors, and other sensitive organizations.

The action, part of the National Cybersecurity Strategy, was carried out alongside a civil lawsuit filed by Microsoft to take down an additional 66 domains controlled by the same actors.

“This action is part of our broader mission to protect people, businesses, and governments from cyberattacks by foreign adversaries,” Assistant Attorney General Matthew G. Olsen said in a statement. “Partnering with private sector leaders like Microsoft allows us to strike back at these bad actors.”

Microsoft, which tracks the group under the name “Star Blizzard” (formerly SEABORGIUM), reported that between January 2023 and August 2024, the group targeted more than 30 civil society organizations, including journalists and NGOs, by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities.

“Together, we have seized more than 100 websites,” Microsoft said in a statement. “Rebuilding infrastructure takes time, absorbs resources, and costs money. By collaborating with DOJ, we have been able to expand the scope of disruption and seize more infrastructure, enabling us to deliver greater impact against Star Blizzard.”

“Sophisticated state-sponsored hacking operations demand proactive collaboration between governments and global tech companies,” said Pareekh Jain, CEO of Pareekh Consulting. “The partnership between Microsoft and the US government serves as a strong example.”

Moving forward, more global tech companies should not only collaborate with governments but also with one another, sharing information and intelligence proactively, he added. “This approach can help prevent and mitigate such hacking operations.”

A query seeking comments from Microsoft remains unanswered.

Russia’s cyber espionage campaign

The DOJ’s move is the latest in a series of efforts to counter Russian cyber espionage. In the past, the Callisto Group actors have targeted US-based companies, former employees of the US Intelligence Community, former and current Department of Defense and Department of State employees, US military defense contractors, and staff at the Department of Energy, among others.

In December 2023, the US DOJ charged two members of the Callisto Group – Ruslan Aleksandrovich Peretyatko, an officer in FSB Center 18, and Andrey Stanislavovich Korinets – with hacking government and corporate networks. The indictment charged the defendants with a campaign to hack into computer networks in the US, the UK, other North Atlantic Treaty Organization member countries, and Ukraine, all on behalf of the Russian government, the statement added.

“The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity,” America’s Cybersecurity & Infrastructure Security Agency (CISA) said in a December 2023 advisory.

The FBI’s San Francisco office is leading the ongoing investigation into this case, as the US government works with public and private partners to dismantle these cybercriminal networks.
