U.S. officials have seized dozens of web domains used by Russian intelligence agents and their proxies to steal Americans’ information, the Justice Department announced Thursday.
In a partially unsealed affidavit, the DOJ accused hackers or criminal proxies working for the ”Callisto Group” — a unit of the Russian Federal Security Service (FSB) — of seizing domains as part of an “ongoing and sophisticated spear-phishing campaign.”
In doing so, these hackers allegedly stole valuable information from the computers and emails from various targets, including U.S.-based companies, former U.S. intelligence employees, and former and current staff from the Departments of Defense, State and Energy and U.S. military defense contractors.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Deputy Attorney General Lisa Monaco wrote in a statement. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
The domain seizures were done in coordination with Microsoft, which said it seized another 66 domains also used by hackers or proxies with Callisto Group.
The group of nation state cybercriminals, referred to as “Star Blizzard” by Microsoft, allegedly targeted victims from various industry sectors including journalism, think tanks and nongovernmental organizations, between January 2023 and August 2024, Microsoft’s Digital Crimes Unit (DCU) said in a blog post Thursday.
“They have been particularly aggressive in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the U.S.,” Microsoft’s DCU said.
Microsoft said Star Blizzard was “persistent” in this scheme and “meticulously” studied their targets before posing as a trusted contact in emails to their victims.
“While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern,” Microsoft’s DCU wrote.
It comes months after the U.S. charged two men in connection with “a sophisticated spear phishing campaign” related to the Callisto Group.