In a joint effort with the US Department of Justice, Microsoft's Digital Crimes Unit has taken action against the Russian state-sponsored threat actor Star Blizzard, seizing around 100 website domains used in the group's phishing operations [4]. Of these, 41 were seized under a warrant obtained by the US Department of Justice [5]; the remainder were taken through a civil action brought by Microsoft.

Description

Star Blizzard, also tracked as SEABORGIUM and Callisto Group [6], has been active since at least 2019 [2], with a marked increase in activity during 2022 [1]. The group's primary technique is spear phishing: personalized emails, often impersonating a trusted contact, that lure the recipient to a credential-harvesting page; the stolen credentials are then used to access mailboxes and sensitive data [1] [4]. Targets have included US Department of Energy facilities and Microsoft customers [1], as well as military officials in the UK and US who support Ukraine [7]. More than 30 civil society organizations have been hit, among them journalists [4] [6], Western think tanks [4] [6], NGOs [1] [6], academic institutions [1], and governmental bodies [1] [6]. US companies and military contractors were also targeted [4]. US officials have linked the campaign to efforts to interfere with the November 2024 US election. The 41 domains seized by the US Department of Justice [5], together with those seized by Microsoft, disrupt the infrastructure the group relied on for these campaigns. Microsoft plans to analyze the seized domains to gather intelligence on Star Blizzard's tradecraft and to improve product security.

Conclusion

Star Blizzard is expected to register new infrastructure and resume operations [2], so the seizures are a disruption rather than a lasting defeat; defenders should not treat the seized domains as a complete indicator list and should continue to focus on the group's consistent tradecraft of spear phishing with credential-harvesting pages. Even so, the domain seizures represent a significant step in combating the group's activities. The actions taken by Microsoft and the US Department of Justice provide visibility into the group's infrastructure, which helps identify and notify victims and informs defensive measures. CISA has issued guidance for civil society groups on protecting against this kind of targeting [1], emphasizing vigilance against unsolicited contact and proactive measures such as phishing-resistant multi-factor authentication.

References

[1] https://www.defenseone.com/threats/2024/10/doj-microsoft-disrupt-russian-hackers-targeting-civil-society-orgs/400046/
[2] https://www.cbsnews.com/news/us-microsoft-russia-domains-seized/
[3] https://abcnews.go.com/US/wireStory/us-microsoft-disrupt-russian-hacking-group-targeting-american-114470121
[4] https://apnews.com/article/russia-hacking-microsoft-star-blizzard-fb41bfccbbe7aaecd10a0a93905d4c8a
[5] https://www.infosecurity-magazine.com/news/microsoft-us-govenment-disrupt/
[6] https://siliconangle.com/2024/10/03/justice-department-microsoft-target-russian-phishing-campaigns-domain-seizures/
[7] https://www.techradar.com/pro/microsoft-disrupts-infrastructure-used-by-russian-state-actor-star-blizzard