{"id":497,"date":"2024-10-04T11:40:49","date_gmt":"2024-10-04T11:40:49","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=497"},"modified":"2024-10-04T11:40:49","modified_gmt":"2024-10-04T11:40:49","slug":"doj-seizes-41-russian-controlled-domains-in-cyber-espionage-crackdown","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=497","title":{"rendered":"DOJ seizes 41 Russian-controlled domains in cyber-espionage crackdown"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The US Department of Justice (DOJ) has seized 41 internet domains used by Russian intelligence agents and their allies for cyberattacks on the US. This marks a major move to block state-sponsored cybercriminals from stealing sensitive information.<\/p>\n<p>\u201cThese Russian domains were being used to trick Americans into giving up their personal data,\u201d <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-disrupts-russian-intelligence-spear-phishing-efforts\">Deputy Attorney General Lisa Monaco said in a statement<\/a>. \u201cThe Russian government ran this scheme to steal Americans\u2019 sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.\u201d<\/p>\n<p>The seized domains were used by a hacker group linked to an operational unit within Center 18 of the Russian Federal Security Service (FSB), known as the Callisto Group, to commit violations of unauthorized access to a computer to obtain information from a department or agency of the US, the DOJ statement added.<\/p>\n<p>The group carried out <a href=\"https:\/\/www.csoonline.com\/article\/566789\/what-is-spear-phishing-examples-tactics-and-techniques.html\">spear phishing<\/a> campaigns designed to gain unauthorized access to the computers and email accounts of US government agencies, defense contractors, and other sensitive organizations.<\/p>\n<p>The action, part of the National Cybersecurity Strategy, was carried out alongside a civil lawsuit filed by Microsoft to take down an additional 66 domains controlled by the same actors.<\/p>\n<p>\u201cThis action is part of our broader mission to protect people, businesses, and governments from cyberattacks by foreign adversaries,\u201d Assistant Attorney General Matthew G. Olsen said in a statement. \u201cPartnering with private sector leaders like Microsoft allows us to strike back at these bad actors.\u201d<\/p>\n<p>Microsoft, which tracks the group under the name \u201cStar Blizzard\u201d (formerly SEABORGIUM), reported that between January 2023 and August 2024, the group targeted more than 30 civil society organizations, including journalists and NGOs, by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities.<\/p>\n<p>\u201cTogether, we have seized more than 100 websites,\u201d <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2024\/10\/03\/protecting-democratic-institutions-from-cyber-threats\/\">Microsoft said in a statement<\/a>. \u201cRebuilding infrastructure takes time, absorbs resources, and costs money. By collaborating with DOJ, we have been able to expand the scope of disruption and seize more infrastructure, enabling us to deliver greater impact against Star Blizzard.\u201d<\/p>\n<p>\u201cSophisticated state-sponsored hacking operations demand proactive collaboration between governments and global tech companies,\u201d said Pareekh Jain, CEO of Pareekh Consulting. \u201cThe partnership between Microsoft and the US government serves as a strong example.\u201d<\/p>\n<p>Moving forward, more global tech companies should not only collaborate with governments but also with one another, sharing information and intelligence proactively, he added. \u201cThis approach can help prevent and mitigate such hacking operations.\u201d<\/p>\n<p>A query seeking comments from Microsoft remains unanswered.<\/p>\n<h2 class=\"wp-block-heading\">Russia\u2019s cyber espionage campaign<\/h2>\n<p>The DOJ\u2019s move is the latest in a series of efforts to counter Russian cyber espionage. In the past, the Callisto Group actors have targeted US-based companies, former employees of the US Intelligence Community, former and current Department of Defense and Department of State employees, US military defense contractors, and staff at the Department of Energy, among others.<\/p>\n<p>In <a href=\"https:\/\/www.justice.gov\/opa\/pr\/two-russian-nationals-working-russias-federal-security-service-charged-global-computer\">December 2023<\/a>, the US DOJ charged two members of the Callisto Group \u2013 Ruslan Aleksandrovich Peretyatko, an officer in FSB Center 18, and Andrey Stanislavovich Korinets \u2013 with hacking government and corporate networks. The indictment charged the defendants with a campaign to hack into computer networks in the US, the UK, other North Atlantic Treaty Organization member countries, and Ukraine, all on behalf of the Russian government, the statement added.<\/p>\n<p>\u201cThe Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group\/TA446\/COLDRIVER\/TAG-53\/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity,\u201d America\u2019s Cybersecurity &amp; Infrastructure Security Agency (CISA) said in a <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-341a\">December 2023 advisory<\/a>.<\/p>\n<p>The FBI\u2019s San Francisco office is leading the ongoing investigation into this case, as the US government works with public and private partners to dismantle these cybercriminal networks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The US Department of Justice (DOJ) has seized 41 internet domains used by Russian intelligence agents and their allies for cyberattacks on the US. This marks a major move to block state-sponsored cybercriminals from stealing sensitive information. \u201cThese Russian domains were being used to trick Americans into giving up their personal data,\u201d Deputy Attorney General [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-497","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/497"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=497"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/497\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/498"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}