In a significant move to thwart state-sponsored cybercriminals from stealing sensitive information, the US Department of Justice (DOJ) has seized 41 internet domains used by Russian intelligence agents and their allies for cyberattacks on the US. The Deputy Attorney General, Lisa Monaco, emphasized that these Russian domains were used to deceive Americans into disclosing their personal data. The Russian government orchestrated this scheme to pilfer Americans’ sensitive information, using seemingly legitimate email accounts to dupe victims into divulging account credentials.
The seized domains were affiliated with the Callisto Group, a hacker group linked to an operational unit within Center 18 of the Russian Federal Security Service (FSB). This group engaged in spear-phishing campaigns aimed at gaining unauthorized access to the computers and email accounts of US government agencies, defense contractors, and other sensitive entities. This aggressive action falls under the National Cybersecurity Strategy and was conducted alongside a civil lawsuit filed by Microsoft to take down an additional 66 domains controlled by the same nefarious actors.
Assistant Attorney General Matthew G. Olsen underscored the importance of collaborating with private sector leaders like Microsoft to combat these malicious actors. Microsoft, tracking the group under the moniker “Star Blizzard” (formerly SEABORGIUM), disclosed that between January 2023 and August 2024, the group targeted over 30 civil society organizations, including journalists and NGOs, through spear-phishing campaigns to steal sensitive information and disrupt their operations.
The partnership between Microsoft and the US government has proven to be a valuable countermeasure against sophisticated state-sponsored hacking operations. Pareekh Jain, CEO of Pareekh Consulting, emphasized the necessity for global tech companies to engage proactively with governments and each other, sharing information and intelligence to prevent and mitigate such hacking operations effectively.
This recent move by the DOJ is part of a broader effort to combat Russian cyber espionage activities. The Callisto Group actors have previously targeted US-based companies, former employees of the US Intelligence Community, defense contractors, and staff at various US government agencies. In December 2023, the DOJ charged two members of the Callisto Group – Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets – with hacking government and corporate networks on behalf of the Russian government.
The ongoing investigation into these cybercriminal networks is being led by the FBI’s San Francisco office, as the US government collaborates with public and private partners to dismantle these threats. The relentless effort to protect sensitive information and counter state-sponsored cyberattacks highlights the importance of proactive collaboration between governments and global tech companies in combating evolving cybersecurity threats.