More than 100 web domains allegedly linked to a cyberespionage campaign run by the Russian government have been seized by the U.S. Department of Justice (DOJ) and tech giant Microsoft, according to court documents unsealed on Oct. 3.
According to the partially unsealed affidavit filed in support of the government’s seizure warrant, the seized domains were used by hackers or criminal proxies working for the Callisto Group—an operational unit within the Russian Federal Security Service, the successor agency to the KGB.
The group ran a “sophisticated spear-phishing campaign,” using the now-seized domains to gain unauthorized access to computers and email accounts belonging to members of the U.S. government and other victims to steal valuable information.
According to the DOJ, victims of the spear-phishing campaign allegedly included U.S.-based companies, former U.S. intelligence employees, former and current Department of Defense and Department of State employees, U.S. military defense contractors, and staff at the Department of Energy.
Deputy Attorney General Lisa Monaco said the seizure of 41 internet domains reflects the DOJ’s “cyber strategy in action,” and that the department uses all available tools to disrupt and deter malicious, state-sponsored cybercriminals.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Monaco said. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
Microsoft’s Digital Crimes Unit also seized another 66 domains, which it said are being used by the Callisto Group. The company refers to the group as “Star Blizzard.”
Callisto Group Targeting Russian Citizens in America
Between January 2023 and August 2024, the hacking group also targeted more than 30 civil society entities and organizations including journalists, think tanks, and nongovernmental organizations (NGOs), using spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities, according to Microsoft.
Microsoft said the Callisto Group has been engaged in various forms of cyberattacks since at least 2017.
More recently, however, the group has targeted NGOs and think tanks that support government employees and military and intelligence officials, with a strong focus on those providing support to Ukraine and NATO countries.
The group has been “particularly aggressive” in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the United States, Microsoft said.
“Since January 2023, Microsoft has identified 82 customers targeted by this group, at a rate of approximately one attack per week,” the tech firm said. “This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft.”
According to the DOJ, the two men worked with the group on behalf of the Russian government, targeting computer networks in the United States and the United Kingdom as well as in NATO member countries and Ukraine.
The information stolen from the targeted accounts was then leaked to the press in Russia and the UK in advance of the 2019 elections in the latter nation, the DOJ said.
Russia’s Ministry of Foreign Affairs did not respond to a request for comment by press time.