Microsoft and DOJ Take Down Russian Hacker Group Star Blizzard

Microsoft and the US Department of Justice Target Russian Hacker Group Star Blizzard

In a significant move against cybercrime, Microsoft and the US Department of Justice (DoJ) have collaborated to dismantle over 100 domains associated with a Russian-sponsored hacker group known as Star Blizzard. This operation, which took place earlier this week, marks a critical step in the ongoing battle against cyber threats that have increasingly targeted journalists, non-governmental organizations (NGOs), and experts on Russia, particularly those supporting Ukraine.

The Threat of Star Blizzard

Star Blizzard, also referred to as "Cold River" or "Callisto," has been active as an advanced persistent threat (APT) since 2017. The group is notorious for its sophisticated cyber-espionage tactics, primarily using phishing emails to steal login credentials from its targets. Recent reports indicate that Star Blizzard has developed its first custom backdoor, further enhancing its ability to infiltrate targets and exploit sensitive information.

The DoJ’s recent operation involved the seizure of 41 internet domains, a move that Deputy Attorney General Lisa Monaco described as a demonstration of the Justice Department’s cyber strategy in action. "Today’s seizure reflects our commitment to using all available tools to disrupt and deter malicious, state-sponsored cyber actors," she stated in a press release.

The Scope of the Indictment

The DoJ’s actions are not isolated; they are part of a broader investigation into the group’s activities. A partially unsealed indictment revealed that two officers of the Russian Federal Security Service (FSB), Ruslan Peretyatko and Andrey Korinets, were charged last December for their roles in Star Blizzard’s espionage campaigns. These campaigns have extended beyond the US, targeting military contractors, intelligence personnel, and government agencies in the UK, NATO countries, and Ukraine.

Microsoft has been vigilant in monitoring Star Blizzard’s activities, having previously disrupted the group’s operations in 2022 and again last year. The company emphasized that dismantling the group’s infrastructure would significantly delay its ability to regroup and continue its malicious activities.

A Timely Disruption

The timing of this operation is particularly crucial, as US officials remain on high alert for foreign interference in the upcoming presidential election. With Star Blizzard’s history of advancing Russian interests, including attempts to disrupt elections, the takedown of their domains is seen as a vital measure to protect the integrity of the democratic process.

Microsoft reported that between January 2023 and August 2024, Star Blizzard targeted over 30 civil society organizations, including journalists and NGOs, through spear-phishing campaigns aimed at exfiltrating sensitive information. The company underscored the importance of this action in the context of safeguarding democracy from external threats.

The Persistent Russian Threat

Despite the recent successes against Star Blizzard, experts warn that the threat posed by Russian-backed cyber groups is far from over. Sean McNee, head of threat research at DomainTools, anticipates a surge in nation-state-backed groups resorting to purchasing domains to facilitate cyber-espionage and disseminate misinformation, particularly as the election approaches. He cautioned that while the takedown of Star Blizzard is a significant achievement, it may only scratch the surface of the broader issue.

Tom Kellermann, senior vice president of cyber strategy at Contrast Security, echoed these concerns, stating that Russia has intensified its cyber insurgency within the US. He pointed out that the revelations surrounding Star Blizzard indicate a collaboration between the GRU and various cybercrime cartels, raising alarms about the potential for destructive malware deployment in the near future.

Conclusion: A Call to Action

The recent takedown of Star Blizzard’s domains serves as a reminder of the ongoing battle against cyber threats and the need for vigilance in the face of evolving tactics. As the US approaches a pivotal election period, the collaboration between Microsoft and the DoJ highlights the importance of a united front against state-sponsored cyber actors.

Experts like Kellermann stress the necessity for the private sector to take these warnings seriously, advocating for expanded threat hunting and enhanced security measures to counter the looming threats. As the digital landscape continues to evolve, the fight against cybercrime remains a critical priority for both government and private entities alike.
