
The U.S. government takes decisive action to combat foreign espionage by seizing Russian-linked internet domains used in espionage activities.
At a Glance
- The Justice Department and Microsoft dismantled dozens of domains linked to a Russian espionage campaign.
- A warrant authorized the seizure of 41 domains associated with computer fraud and abuse.
- The domains were connected to the Callisto Group, a unit of Russia’s Federal Security Service (FSB).
- The campaign involved spearphishing to acquire sensitive information and credentials.
- Microsoft filed a civil case to seize 66 additional domains used in cyber attacks.
U.S. Government Intervenes in Cyber Espionage
The U.S. government, alongside Microsoft, dismantled dozens of internet domains linked to Russian espionage campaigns. This strategic operation, authorized by a court-issued warrant, is a vital part of ongoing measures to curb foreign threats to U.S. national security. With 41 domains seized, this collaboration aims to thwart cyber activities instigated by Russian intelligence factions.
The seized domains were traced back to the Callisto Group, tied to Russia’s Federal Security Service (FSB). This group carried out sophisticated spearphishing attacks targeting U.S. intelligence agencies, the Department of Defense, State Department personnel, military contractors, and Department of Energy staff. Through deception, they sought to steal sensitive data and user credentials.
Today, the Justice Department announced the ongoing seizure of 32 internet domains used in Russian government-directed foreign malign influence campaigns colloquially referred to as “Doppelganger,” in violation of U.S. money laundering & criminal trademark laws.
— U.S. Department of Justice (@TheJusticeDept) September 4, 2024
Collaborative Efforts and Cybersecurity
This disruption effort forms part of Microsoft’s ongoing initiatives to leverage private sector capabilities in cybersecurity operations. Microsoft has initiated a civil suit to disable 66 additional domains that have facilitated similar attacks against critical entities. This action underscores the commitment to sever the technological pathways exploited by adversaries.
“Disruptions like the one announced today strip our adversaries of the tools they rely on to target individuals, businesses, and governments all around the world,” Olsen said. “Our fight against this and other cyber-enabled threats to our national security are by no means over.”
Between January 2023 and August 2024, the Callisto Group targeted over 30 civil society entities, including journalists and NGOs. As part of a broader effort, the DOJ and Microsoft actions build on charges previously filed against FSB officers involved in Callisto attacks. The collaboration aims to mitigate the severe effects on targeted groups, especially those facing oppressive regimes and surveillance.
Longstanding Efforts Against Russian Cyber Attacks
The cybersecurity landscape has experienced persistent threats from Russian-linked entities, such as the Star Blizzard group, active since at least 2016. U.S. courts have authorized the seizure of over 100 Star Blizzard domains, reflecting sustained efforts to dismantle the sophisticated and adaptive operations of the group, known for disguising its identity.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Deputy Attorney General Lisa Monaco said in announcing the U.S. actions against Star Blizzard. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
This cohesive operation signifies U.S. dedication to cybersecurity and the collaborative efforts between public and private sectors to combat espionage. By targeting state-sponsored cyber entities, the U.S. endeavors to maintain national security and safeguard individual privacy against unauthorized intrusions and data breaches.