Deputy Attorney General Lisa Monaco stated that the Russian government orchestrated a plan to steal sensitive data from Americans. The U.S. Department of Justice (DOJ) has seized 41 internet domains allegedly used by Russian agents to collect sensitive information from both U.S. and international targets.
The DOJ claims that a group of Russian hackers, known as the "Callisto Group" and connected to the Russian Federal Security Service, conducted spear phishing attacks to gain unauthorized access to computers and email accounts of U.S. government personnel and others. In these phishing attempts, attackers send fake emails to their targets, attempting to build trust before eventually tricking them into sharing login credentials via a malicious link.
According to the Cybersecurity and Infrastructure Security Agency (CISA), attackers often correspond with their targets over an extended period to build rapport. Once trust is established, the attacker sends a link to a fake website or document, leading victims to a server controlled by the hackers, where they are asked to enter sensitive information.
Deputy Attorney General Monaco emphasized that the DOJ's seizure of these domains is part of its broader cyber strategy to combat state-sponsored cyber threats. She explained that Russian agents used legitimate-looking email accounts to deceive victims and steal account information.
The DOJ collaborated with Microsoft’s Digital Crimes Unit (DCU) in this operation. The DCU, referring to the Callisto Group as “Star Blizzard,” revealed that between January 2023 and August 2024, over 30 civil society organizations, including journalists, think tanks, and NGOs, were targeted in spear phishing campaigns. The goal was to steal sensitive information and disrupt their activities, especially those connected to supporting Ukraine.
Microsoft noted that Star Blizzard has aggressively targeted former intelligence officials, experts on Russia, and Russian citizens in the U.S. In response, the DOJ and Microsoft have collectively seized over 100 websites associated with the group, significantly impacting its operations.
In December 2023, the DOJ indicted several Callisto Group members, including Ruslan Aleksandrovich Peretyatko, a Russian Federal Security Service officer, and Andrey Stanislavovich Korinets. They were charged with hacking computers in the U.S., the UK, and other NATO countries. Assistant Attorney General Matthew Olsen remarked that these indictments highlight Russia’s ongoing cyber campaigns against U.S. and allied networks, including those involved in democratic processes.
To counter these attacks, Microsoft urges civil society organizations to strengthen their cybersecurity measures, use multifactor authentication, and join the company’s AccountGuard program for added protection.