In a joint effort between Microsoft and the U.S. Department of Justice, the operations of Star Blizzard, a notorious Russian hacking group, have been disrupted. This collaboration is aimed at safeguarding global democratic processes from cyber threats, marking a significant step in the ongoing battle against malicious cyber actors.
The recent unsealing of a civil action by the United States District Court for the District of Columbia authorized Microsoft to seize 66 domains used by Star Blizzard in cyberattacks targeting Microsoft customers worldwide. Additionally, the DOJ seized 41 more domains linked to the same group, totaling over 100 dismantled websites. Star Blizzard had targeted more than 30 civil society organizations, including journalists, think tanks, and NGOs between January 2023 and August 2024, with the goal of exfiltrating sensitive information and interfering with democratic activities through spear-phishing campaigns.
By collaborating with the DOJ, Microsoft has expanded the scope of disruption against Star Blizzard and significantly impacted the group's operations. The action comes at a time when foreign interference in U.S. democratic processes is a major concern. Beyond disrupting the group's existing infrastructure, the court order positions Microsoft to dismantle any new infrastructure identified in the ongoing legal proceedings.
Microsoft's Digital Crimes Unit (DCU) and Threat Intelligence teams will use the intelligence gathered through this civil action to enhance product security, aid cross-sector partners in their investigations, and assist victims with remediation. Star Blizzard, also tracked as COLDRIVER and Callisto Group, has been active since at least 2017 and has been relentless in its attacks, focusing on email credential theft against high-value targets. Since 2022 it has also targeted NGOs and think tanks that support government employees and military officials.
In 2023, the British government attributed Star Blizzard to the Russian Federal Security Service (FSB), highlighting the group's interference in UK politics. Despite this exposure, Star Blizzard continues to adapt and obfuscate its identity, swiftly moving to new domains once its infrastructure is exposed. Microsoft's actions underscore the importance of upholding international norms for responsible state behavior online, with the aim of protecting civil society and upholding the rule of law in cyberspace.
Microsoft encourages all civil society groups to strengthen their defenses by implementing multi-factor authentication and enrolling in programs such as Microsoft's AccountGuard for additional protection against nation-state attacks. The joint effort between Microsoft and the DOJ demonstrates a commitment to enforcing these norms and protecting global democratic processes from malicious cyber threats.