More than 100 web domains allegedly linked to a cyber-espionage campaign run by the Russian government have been seized by the U.S. Department of Justice (DOJ) and tech giant Microsoft, according to court documents unsealed Thursday.
According to the partially unsealed affidavit filed in support of the government’s seizure warrant, the seized domains were used by hackers or criminal proxies working for the Callisto Group—an operational unit within the Russian Federal Security Service (FSB), the successor agency to the KGB.
The group ran a “sophisticated spear-phishing campaign” using the now-seized domains to gain unauthorized access to computers and email accounts belonging to members of the U.S. government and other victims to steal valuable information.
Victims of the spear-phishing campaign allegedly included U.S.-based companies, former U.S. intelligence employees, former and current Department of Defense and Department of State employees, U.S. military defense contractors, and staff at the Department of Energy, the DOJ said.
Deputy Attorney General Lisa Monaco said the seizure of 41 internet domains reflects the Justice Department’s “cyber strategy in action” and that it uses all available tools to disrupt and deter malicious, state-sponsored cyber actors.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Monaco said.
“With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
Microsoft’s Digital Crimes Unit (DCU) also seized another 66 domains, which it said are being used by the Callisto Group, which the company refers to as “Star Blizzard.”
Callisto Group Targeting Russian Citizens in America
Between January 2023 and August 2024, the hacking group also targeted over 30 civil society entities and organizations including journalists, think tanks, and nongovernmental organizations (NGOs), using spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities, according to Microsoft.Microsoft said the Callisto Group has been engaged in various forms of cyberattacks since at least 2017.
More recently, however, the group has targeted NGOs and think tanks that support government employees and military and intelligence officials, with a strong focus on those providing support to Ukraine and NATO countries.
The group has been “particularly aggressive” in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the United States, Microsoft said.
“Since January 2023, Microsoft has identified 82 customers targeted by this group, at a rate of approximately one attack per week,” the tech firm said.
“This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft.”
According to the DOJ, the two men worked with the group, targeting computer networks in the United States and the United Kingdom as well as NATO member countries and Ukraine on behalf of the Russian government.
The information stolen from the targeted accounts was then leaked to the press in Russia and the United Kingdom in advance of the 2019 elections in the latter nation, the DOJ said.
The Epoch Times has contacted Russia’s Ministry for Foreign Affairs for comment.
