USNational Security

DOJ Seizes Russian Internet Domains Used in Spear Phishing Operations

‘The Russian government ran this scheme to steal Americans’ sensitive information,’ Deputy Attorney General Lisa Monaco said.
Save
DOJ Seizes Russian Internet Domains Used in Spear Phishing Operations
A man types on a computer keyboard. Kacper Pempel/Reuters
Matt McGregor
Updated:
0:00

The Department of Justice (DOJ) has seized 41 internet domains allegedly used by Russian agents to steal sensitive information from U.S. and international targets.

The DOJ alleged that the Russian hackers belonging to the “Callisto Group,” an organization within the Russian Federal Security Service, sought access to Americans’ data through spear phishing operations intended to gain “unauthorized access to, and steal valuable information from, the computers and email accounts of U.S. government and other victims.”

A typical spear phishing attack can involve hackers using fake email accounts to send messages to targets about a topic they hope will engage them.

“There is often some correspondence between attacker and target, sometimes over an extended period, as the attacker builds rapport,” the Cybersecurity and Infrastructure Security Agency (CISA) says.

Once trust is established, the attacker shares a link, appearing to lead to a document or website of interest. This link directs the target to a server controlled by the attacker, prompting them to enter their account credentials.

“Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action—using all tools to disrupt and deter malicious, state-sponsored cyber actors,” Deputy Attorney General Lisa Monaco said. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.”

Related Stories
FBI Dismantles Hacking Network Linked to Russian Intelligence Services: DOJ
FBI Dismantles Hacking Network Linked to Russian Intelligence Services: DOJ
Microsoft Executive Emails Hacked by Russian-Backed Group, Company Says
Microsoft Executive Emails Hacked by Russian-Backed Group, Company Says
The DOJ is working in conjunction with Microsoft’s Digital Crimes Unit (DCU), to combat the alleged actions of the Callisto Group, or what the DCU calls “Star Blizzard.”
Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations—journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive—by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities,” DCU Assistant General Counsel Steven Masada said in an Oct. 3 blog post.

Masada said that the Callisto Group/Star Blizzard targets NGOs and think tanks that support government employees—and military and intelligence officials, especially those providing support to Ukraine.

“They have been particularly aggressive in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the U.S.,” he said.

The DOJ said that Microsoft filed a civil action to seize 66 of the Callisto Group’s internet domains.

“Together, we have seized more than 100 websites. Rebuilding infrastructure takes time, absorbs resources, and costs money. By collaborating with DOJ, we have been able to expand the scope of disruption and seize more infrastructure, enabling us to deliver greater impact against Star Blizzard,” Masada said.
In December 2023, the DOJ announced indictments against alleged Callisto Group members Ruslan Aleksandrovich Peretyatko, an officer of Russia’s Federal Security Service; Andrey Stanislavovich Korinets; and other co-conspirators for their involvement in the operation.

The indictment alleged that the group members hacked into computers in the United States, the UK, and other NATO member countries.

“The Russian government continues to target the critical networks of the United States and our partners, as highlighted by the indictment unsealed today,” Assistant Attorney General Matthew Olsen said. “Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways.”

Microsoft said it encourages civil society groups to strengthen their cybersecurity protections, use robust multifactor authentication such as passkeys, and enroll in Microsoft’s AccountGuard program for additional monitoring and protection.

Matt McGregor
Matt McGregor
Reporter
Matt McGregor is an Epoch Times reporter who covers general U.S. news and features. Send him your story ideas: [email protected]
twitter