DOJ, Microsoft disrupt Russian hackers targeting civil society orgs
The group, likely linked to Russia’s Federal Security Service, has focused on stealing credentials from NGOs and think tanks around the world.
Microsoft’s digital crimes team and the Justice Department seized some 100 website domains belonging to a Russia-backed hacking gang that’s built a reputation targeting civil society organizations around the world.
A civil action unsealed Thursday afternoon authorized the tech giant’s Digital Crimes Unit to take down some 66 websites belonging to the group, dubbed Star Blizzard. Another 41 websites used by the group were seized by the Justice Department, according to a statement issued by Microsoft.
Star Blizzard — also known as Seaborgium and Callisto in the cybersecurity community — has been a thorn in the side of U.S. cyber officials and international intelligence partners for some time. The group, likely tied to Russia’s Federal Security Service, has been launching cyberattacks against governmental orgs, NGOs, academia and other institutions since at least 2019, DHS’s Cybersecurity and Infrastructure Security Agency said last year.
The group’s hacking activities expanded in 2022, targeting U.S. Department of Energy facilities, CISA said at the time. Microsoft said 82 of its customers were targeted by the hackers since January of last year, at a rate of around one attack per week.
“This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft,” said Steven Masada, the assistant general counsel for the company’s Digital Crimes Unit. “Their victims, often unaware of the malicious intent, unknowingly engage with these messages leading to the compromise of their credentials.”
Star Blizzard has been deemed a top antagonist for phishing cyberattacks that target victims through email communications containing links that can siphon sensitive data or load malware onto targets’ devices. Specializing in email credential theft, the collective has aimed to exploit NGOs and think tanks supporting government employees, as well as military and intelligence officials, Masada said.
Phishing schemes have been particularly harder to identify because generative artificial intelligence tools have allowed attackers to craft more realistic-sounding scam messages in languages not native to their upbringing, researchers say.
CISA has previously released guidance for civil society groups, focusing on activists, journalists, human rights workers and others affiliated with organizations that may face cyberthreats.