
The Department of Justice and Microsoft have revealed the seizure of more than 100 web domains that Russian intelligence agents and their proxies were using for advanced spear-phishing attacks.

What’s the deal: According to the DOJ, Russian intelligence agents linked to the Callisto Group, a unit within the Russian Federal Security Service (FSB), carried out a spear-phishing campaign aimed at stealing sensitive information from various US entities. A partially unsealed affidavit reveals that the hackers used fraudulent domains to deceive victims, including US-based companies, former intelligence officials, and employees from key government departments such as Defense, State, and Energy, into handing over their account credentials. The hackers gained access to computers and email accounts by posing as trusted sites.


What Microsoft is doing: Simultaneously, Microsoft announced its move to seize 66 web domains used by the cybercriminal group “Star Blizzard,” which has ties to the Callisto Group. Also known as “SEABORGIUM” and “COLDRIVER,” this group had actively targeted journalists, think tanks, and nongovernmental organizations (NGOs) between January 2023 and August 2024.

What the DOJ is saying: In a statement, Deputy Attorney General Lisa Monaco said, “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”

US Attorney Ismail J. Ramsey for the Northern District of California added, “This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack US and international targets.”
