CyberSecurity SEE

Microsoft and the Department of Justice Take Down Domains Used by Russian FSB-Linked Hacking Group

In a significant move to counter cyber threats targeting democratic institutions worldwide, Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains used by a Russian hacking group linked to the Federal Security Service (FSB).

This collaborative effort, led by Microsoft’s Digital Crimes Unit (DCU) in coordination with the DOJ, saw the seizure of over 100 domains associated with the hacking group known as Star Blizzard. The operation was authorized by a civil action unsealed by the United States District Court for the District of Columbia.

Star Blizzard, also known as COLDRIVER and Callisto Group, has been a persistent threat since at least 2017, with a focus on email credential theft. The group has targeted more than 30 civil society organizations, including journalists, think tanks, and NGOs, between January 2023 and August 2024. These attacks aimed to exfiltrate sensitive information and interfere with democratic processes.

The joint action by Microsoft and the DOJ resulted in the seizure of 66 domains identified by Microsoft and an additional 41 domains seized by the DOJ. This disruption is expected to significantly hinder Star Blizzard’s operations, which have been targeting high-value entities supporting democratic governance.

Star Blizzard’s recent targets include NGOs and think tanks that support government employees and military officials, especially those aiding Ukraine and NATO countries. The British government has attributed the group to the Russian FSB, with a focus on interfering in UK politics. Star Blizzard meticulously studies its targets and poses as trusted contacts to execute spear-phishing campaigns.

Since January 2023, Microsoft has identified 82 customers targeted by Star Blizzard, highlighting the persistent threat posed by this hacking group.

Microsoft’s collaboration with the DOJ showcases the impact of united efforts against sophisticated cyber threats. The DCU will continue to innovate in disrupting cybercriminal infrastructure while collaborating with private sector partners, civil society, government agencies, and law enforcement. This operation emphasizes the need for international norms governing responsible state behavior online.

Microsoft encourages civil society groups to enhance their cybersecurity measures, use strong multi-factor authentication, and enroll in programs like Microsoft’s AccountGuard to protect against nation-state cyberattacks. By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace.

This effort not only disrupts current threats but also sets a precedent for future collaborations to safeguard democratic institutions from cyber interference. The operation underscores the importance of ongoing vigilance and collaboration in countering cyber threats that pose a risk to democratic institutions worldwide.
