December 7, 2023 at 08:40PM
The Five Eyes alliance issued a warning about the Russian hacking group Star Blizzard’s phishing attacks on the defense and energy sectors. Directed by Russia’s FSB, the group has expanded its targets and tactics, with U.S. and UK officials and institutions being primary victims. Two members have been indicted for hacking between 2016 and 2022. The group also leaks data for political influence.
Key takeaways:
1. The Five Eyes alliance has issued a joint security alert about the Russian gang Star Blizzard, which targets defense-industrial firms and energy facilities with phishing campaigns.
2. Star Blizzard, linked to Center 18 of Russia’s Federal Security Service (FSB), is known by several aliases, including Callisto Group, TA446, COLDRIVER, TAG-53, and BlueCharlie, and should not be confused with the GRU, which has its own cyber operations.
3. The gang, active since at least 2019, has historically targeted academia, politics, NGOs, and various governmental sectors. In 2022, it expanded its focus to include defense industries and US Department of Energy facilities.
4. Two alleged members of Star Blizzard were charged by a US grand jury for hacking activities targeting US, UK, and other NATO-affiliated networks to collect information on behalf of the Russian government.
5. The attackers use sophisticated phishing techniques, establishing trust over time with their targets through social media and networking platforms before sending malicious links to gather credentials.
6. Mandiant Intelligence and Microsoft have shed light on Star Blizzard tactics, which include selective information leaks for political purposes and using advanced evasion techniques.
7. Agencies involved in the joint alert include the cybersecurity divisions of the US, UK, Canada, Australia, and New Zealand.
Keep in mind the importance of maintaining strong cybersecurity measures, especially against sophisticated phishing techniques like those employed by Star Blizzard. Both personal and professional email accounts require increased vigilance to protect sensitive information.