Oct. 4 (UPI) — U.S. authorities and Microsoft have seized dozens of Internet domains that Russian intelligence-backed hackers used as part of a sophisticated campaign to gain access to U.S. government computers.
“Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action — using all tools to disrupt and deter malicious, state-sponsored cyber actors,” Deputy Attorney General Lisa Monaco said Thursday in a statement.
The 41 domains seized by federal prosecutors were used by hackers tied to the Russian Federal Security Service’s Callisto Group, which also goes by Star Blizzard, SEABORGIUM and Cold Driver. The hackers have been accused of trying to infiltrate the computers and email accounts of victims, who include government officials of allied nations, NATO and Ukraine, as well as think tank researchers and journalists.
The U.S. Justice Department said Callisto Group hackers used the seized domain in their “ongoing and sophisticated spear-phishing campaign” to reach the computers and emails of their victims.
Spear-phishing involves social engineering and sees a malignant actor sending an email to their target by disguising themselves as a trusted source to gain confidential information.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Monaco said.
Coinciding with the seizure, Microsoft filed a civil action suit to seize 66 Internet domains used by Callisto Group actors.
In a statement, the U.S. tech giant said it was authorized to seize the domains, which Callisto Group hackers were using to attack its customers. It said that since January 2023, it has identified 82 customers targeted by Callisto Group, at a rate of about one attack a week.
It added that it has seen the Russia-aligned hackers target more than 30 civil society organizations, as well as journalists, think tanks and non-governmental organizations that are “core to ensuring democracy can thrive.”
“Star Blizzard is persistent,” Microsoft said.
“Their victims, often unaware of the malicious intent, unknowingly engage with these messages leading to the compromise of their credentials. These attacks strain resources, hamper operations and stoke fear in victims — all hindering democratic participation.”
The seizure comes after the United States and Britain in December announced sanctions and indictments against two Russian hackers within the FSB’s Callisto Group.
The indictment identifies employees of the U.S. intelligence community, departments of Defense and State, contractors and Department of Energy facilities as having been among the group’s targets between October 2016 and October 2022.