U.S. And Microsoft Team Up To Take Hold Of Dozens Of Domains Tied To Russian Hacking Group


BERLIN, GERMANY - JANUARY 25: In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic. (Photo by Sean Gallup/Getty Images)

OAN Staff James Meyers
10:45 AM – Thursday, October 3, 2024

U.S. authorities have seized dozens of internet domains used by Russian intelligence agents and their proxies to steal vital information from U.S. government computers and email accounts, the Justice Department (DOJ) announced on Thursday. 


In an unsealed warrant revealed this week, the DOJ accused the “Callisto Group,” which is a unit under Russia’s FSB security service, of conducting an “ongoing and sophisticated spear phishing campaign” aimed at gaining unauthorized access to the computers and email accounts of victims.

Additionally, the warrant alleged that Russian-directed cybercriminals gained “valuable information and sensitive United States government intelligence.”

The targets included former U.S. intelligence employees, former and current Department of Defense personnel, Department of State employees, Department of Energy staff, U.S. military contractors and U.S.-based companies.

In total, the DOJ seized 41 internet domains and worked with Microsoft on the takedowns. Microsoft seized an additional 66 unique domains operated by the same group.

Meanwhile, between January 2023 and August 2024, Microsoft observed the nation-state cybercriminals target “over 30 civil society organizations, journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive — by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities,” according to a blog post published by Microsoft’s Digital Crimes Unit on Thursday.

According to Microsoft, the Callisto Group, which is also known by the alias “Star Blizzard,” has been actively launching cyberattacks since 2017. The group has also targeted nonprofits, think tanks and officials who have “provided support to Ukraine and in NATO countries such as the United States and the United Kingdom, as well as in the Baltics, Nordics, and Eastern Europe.”

“They have been particularly aggressive in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the U.S.,” Microsoft’s Digital Crimes Unit wrote. 

The DOJ claimed that the hackers looked to “improve their criminal scheme” by making phishing emails appear more authentic and mining breached email accounts for more information.

“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Deputy Attorney General Lisa Monaco said in a statement. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”

Microsoft indicated that the domain seizures will enable its investigators to gain “valuable intelligence” about the Russian state actors, “which we can use to improve the security of our products, share with cross-sector partners to aid them in their own investigations and identify and assist victims with remediation efforts.”

However, the tech company noted that it expects the cybercriminals to establish new infrastructure in the coming weeks and months.
