Microsoft and DOJ disrupt Russian FSB hackers’ attack infrastructure

October 3, 2024 at 02:04PM

Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target U.S. government employees and nonprofit organizations worldwide. Linked to Russia's FSB, the group used spear-phishing attacks against a range of victims, including U.S.-based companies and employees of intelligence and defense departments. The seizure is part of a coordinated effort to dismantle cyber espionage infrastructure.

Key Takeaways from the Meeting Notes:

1. Microsoft and the Justice Department collaborated to seize 107 domains used by the Russian ColdRiver hacking group in spear-phishing attacks targeting U.S. government employees and nonprofit organizations globally.

2. The threat group was linked to Russia’s Federal Security Service (FSB) by the United Kingdom and its Five Eyes allies.

3. Steven Masada, Assistant General Counsel at Microsoft’s Digital Crimes Unit, reported that the Russian ColdRiver group targeted civil society organizations, journalists, think tanks, and NGOs through spear-phishing campaigns, aiming to exfiltrate sensitive information and interfere in their activities.

4. Deputy Attorney General Lisa Monaco and U.S. Attorney Ismail J. Ramsey emphasized that the seizure was part of a coordinated response with private sector partners to dismantle the infrastructure used by cyber espionage actors to attack U.S. and international targets.

5. The ColdRiver threat group, also known as Callisto Group, Seaborgium, and Star Blizzard, has been active since at least 2017 and has expanded its spear-phishing attacks to defense-industrial targets and U.S. Department of Energy facilities.

6. The U.S. State Department has sanctioned two ColdRiver operators and offers rewards for information on other members.

These takeaways highlight the significant collaborative efforts to disrupt and deter the cyber threats posed by the ColdRiver group and underscore the ongoing vigilance and countermeasures to safeguard sensitive information and critical infrastructure.