DOJ, Microsoft seize 107 domains used in Russia’s Star Blizzard phishing attacks

October 3, 2024 at 12:03PM

The US Department of Justice and Microsoft cooperated to seize 107 websites used by Russian cyberspies in a phishing campaign. The targets included US government agencies, think tanks, and other victims. The action disrupted the operations of the Russian Federal Security Service (FSB) hacking unit and led to criminal charges against two alleged Callisto-affiliated individuals.

The US Department of Justice and Microsoft have taken significant measures to disrupt a Russian cyberspy group named Callisto, also known as Star Blizzard and Coldriver. This group, which is associated with the Russian Federal Security Service (FSB), targeted various entities, including US government agencies, defense and intelligence organizations, political groups, and academic institutions in a sophisticated spear phishing campaign.

The DOJ and Microsoft have seized a total of 107 domains used by Callisto for their operations. The seized domains were employed to conduct ongoing espionage activities, aimed at stealing sensitive information and gaining unauthorized access to the computer systems and email accounts of their victims. These targets included US-based companies, former intelligence and defense department employees, military defense contractors, staff at the Department of Energy, as well as civil society entities, journalists, think tanks, and NGOs in the US and Europe.

In addition to the domain seizures, criminal charges have been filed against two individuals affiliated with Callisto, including an FSB officer. Furthermore, several government agencies from multiple countries have raised concerns about Callisto’s phishing techniques, and the UK has accused the group of hacking private conversations of high-profile politicians for political interference.

Both the DOJ and Microsoft have emphasized the significance of disrupting the operations of Callisto, particularly in the context of foreign interference in US democratic processes and the ongoing threat posed by the group’s activities. Microsoft has also highlighted its ability to quickly disrupt any new infrastructure identified through an existing court proceeding.

Overall, the actions taken by the US Department of Justice and Microsoft reflect a concerted effort to address the threat posed by this Russian cyberspy group and its impact on national security and international relations.
