October 4, 2024 at 10:18AM
Microsoft and the U.S. DoJ announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors engaged in cybercrime. The threat actor, known as COLDRIVER and affiliated with the Russian Federal Security Service, targeted U.S. government, NGOs, and think tanks through spear-phishing campaigns. Microsoft also filed a civil action to seize 66 additional domains used by COLDRIVER.
From the meeting notes provided, it is clear that Microsoft and the U.S. Department of Justice have announced the seizure of internet domains used by state-sponsored threat actors with ties to Russia for computer fraud and abuse. This activity has been attributed to a threat actor called COLDRIVER, which is an operational unit within Center 18 of the Russian Federal Security Service (FSB). The threat actors targeted the email accounts of the U.S. government and other victims with the goal of gathering credentials and valuable data through a spear-phishing campaign.
Additionally, Microsoft filed a corresponding civil action to seize additional internet domains used by COLDRIVER to single out civil society entities and organizations, including NGOs and think tanks, particularly those providing support to Ukraine and in NATO countries such as the U.K. and the U.S. The tech giant identified numerous customers who have been targeted by the adversary since January 2023, demonstrating the group’s tenacity in evolving tactics and achieving their strategic goals.
These meeting notes highlight the significant and ongoing cyber threats posed by state-sponsored threat actors and the concerted efforts of organizations like Microsoft and the U.S. Department of Justice to counter such malicious activities.
If you need any further information or details on specific aspects of the meeting notes, feel free to ask.