US says it disrupted Russian efforts to hack government agencies
The United States has seized 41 internet domains used by Russian intelligence agents and their proxies to hack into government agencies including the Pentagon and State Department, the Justice Department said on Thursday.
The department in a statement said it had acted concurrently with a Microsoft effort to take down 66 internet domains used by the same actors. The seized domains were used by hackers linked to a unit of the Russian Federal Security Service.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” said Deputy Attorney General Lisa Monaco.
The hackers had used the domains in a spear-phishing campaign aimed at getting access to information from U.S. companies, former employees of the U.S. intelligence community, former and current Department of Defense and State Department employees, U.S. military defense contractors, and staff at the Department of Energy, the DOJ said.
The seized domains were used by hackers belonging to the “Callisto Group” and its partners, which the DOJ described as a unit within the FSB. The group, also known as “Cold River” or “Star Blizzard”, first appeared on the radar of intelligence professionals after it targeted Britain’s foreign office in 2016.
The Russian embassy did not immediately respond to a request for comment.
In December 2023, the DOJ announced charges against two hackers affiliated with Cold River for a campaign to hack into computer networks in the U.S., the UK, other NATO members, and Ukraine.