The Department of Justice (DOJ) has taken control of 41 internet domains that were allegedly used by Russian agents to steal sensitive information from U.S. and international targets. The DOJ claims that these Russian hackers, known as the “Callisto Group,” are part of the Russian Federal Security Service and have been conducting spear phishing operations to gain unauthorized access to computers and email accounts in order to steal valuable information.
Spear phishing attacks typically involve hackers using fake email accounts to send messages to their targets on a topic they believe will engage them. The Cybersecurity and Infrastructure Security Agency (CISA) explains that there is often ongoing correspondence between the attacker and target as the attacker builds rapport. Once trust is established, the attacker shares a link that appears legitimate but actually leads to a server controlled by the hacker, prompting the target to enter their account credentials.
Deputy Attorney General Lisa Monaco stated that this seizure of 41 internet domains demonstrates the Justice Department’s commitment to using all available tools to disrupt and deter state-sponsored cyber actors who engage in malicious activities. She emphasized that this scheme, orchestrated by the Russian government, was aimed at stealing sensitive information from Americans through deceptive email accounts.
The DOJ is collaborating with Microsoft’s Digital Crimes Unit (DCU) in its efforts against the Callisto Group, also known as “Star Blizzard.” According to DCU Assistant General Counsel Steven Masada, Star Blizzard targeted over 30 civil society organizations between January 2023 and August 2024 through spear-phishing campaigns designed to extract sensitive information and interfere with their activities. Masada noted that former intelligence officials, experts on Russian affairs, and Russian citizens residing in the U.S. were particularly targeted.
Microsoft has filed a civil action seeking control over an additional 66 internet domains associated with Callisto Group/Star Blizzard. In December 2023, indictments were announced against alleged members of Callisto Group for hacking into computers in several countries including NATO member states.
Assistant Attorney General Matthew Olsen highlighted Russia’s continued targeting of critical networks, both within the United States and in its allies’ territories, through weaponized cyber espionage campaigns directed at democratic processes.
Microsoft advises civil society groups to enhance their cybersecurity measures by implementing robust multifactor authentication methods, such as passkeys, and by enrolling in Microsoft’s AccountGuard program for additional monitoring and protection.