U.S. authorities have seized dozens of internet domains said to be used by Russian intelligence agents and their proxies to steal sensitive and valuable information from U.S. government email accounts and computers, the Justice Department announced Thursday.
In an unsealed warrant, the Justice Department accused the “Callisto Group,” a unit of Russia’s FSB security service, of running a sophisticated spear-phishing campaign aimed at infiltrating government systems and private accounts. The warrant alleges that the group stole “valuable information and sensitive U.S. government intelligence,” targeting former U.S. intelligence personnel, Department of Defense and State employees, military contractors, and U.S.-based companies.
The Justice Department took down 41 internet domains linked to the group, while Microsoft, working in coordination, seized an additional 66 domains. According to Microsoft’s Digital Crimes Unit, these domains were used in a series of cyberattacks targeting more than 30 civil society organizations, including journalists, think tanks, and NGOs critical to democracy.
Operating under the alias “Star Blizzard,” the Callisto Group has been active since at least 2017, focusing its recent efforts on nonprofits, think tanks, and officials who support Ukraine or NATO countries. It has been particularly aggressive in targeting former intelligence officials and experts on Russian affairs, as well as Russian citizens living in the U.S., Microsoft revealed in a blog post.
The Justice Department said the perpetrators used increasingly sophisticated phishing tactics, making their emails appear more legitimate and using stolen credentials to infiltrate other personal, corporate, and government accounts. Deputy Attorney General Lisa Monaco stated, “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.”
Microsoft noted that while the domain seizures would help its investigators gather valuable intelligence to enhance product security and assist victims, it expects the cybercriminals to rebuild their infrastructure in the coming months.













