The Cybersecurity Lair™ • October 7, 2024

Latest News | Russian Phishing Sites Seized in Major U.S. Cybercrime Crackdown

DoJ and Microsoft Disrupt Operations Linked to Russian Intelligence

The U.S. Department of Justice (DoJ) and Microsoft have successfully seized over 100 phishing websites linked to Russian hackers in a coordinated effort to disrupt state-backed cyber operations targeting U.S. institutions. The malicious domains, operated by a group associated with the Russian Federal Security Service (FSB), were used to conduct spear-phishing attacks to gather sensitive information from high-profile targets, including government agencies, defence contractors, and civil society organisations. The operation is part of a broader strategy to dismantle cybercriminal infrastructure, with Microsoft playing a critical role in expanding the scope of disruption.

Technical Highlights:

  • DoJ Seizure: 41 domains seized in collaboration with private partners.
  • Microsoft's Role: Filed a civil suit to seize 66 additional domains.
  • Target Group: Russian state-backed "Callisto Group" (also known as Star Blizzard).
  • Attack Method: Spear-phishing to gain unauthorised access to sensitive data.
  • Targets: U.S. government, defence contractors, NGOs, and think tanks.
  • Previous Incidents: Callisto Group linked to hacking campaigns against NATO and Ukrainian entities.

Sequence of Events:

  • DoJ Action: Seized 41 phishing domains used by Russian intelligence operatives.
  • Microsoft Lawsuit: Filed a civil suit to gain control of 66 related domains.
  • Joint Effort: DoJ and Microsoft coordinated the seizure of more than 100 domains.
  • Group Identification: The sites were operated by the FSB-linked Callisto Group.
  • Target Audience: Phishing campaigns aimed at U.S. government personnel and sensitive organisations.
  • Ongoing Campaign: Callisto Group had been active from January 2023 to August 2024.

Aftermath

The takedown of over 100 phishing sites dealt a significant blow to the Callisto Group’s operations. By seizing these domains, the DoJ and Microsoft disrupted their infrastructure, forcing the group to rebuild its capabilities. While the group is expected to attempt reestablishing its presence, this action has curtailed its ability to carry out immediate operations, especially during a critical period of heightened concern over foreign interference in U.S. democratic processes.
This operation highlights the power of public-private partnerships in tackling sophisticated cyber threats. The collaboration between the DoJ and Microsoft demonstrates how combining legal action with technological expertise can significantly disrupt state-sponsored cyber espionage campaigns. The case also emphasises the importance of vigilance against phishing attacks and the proactive measures required to dismantle the infrastructure behind cybercriminal activities.

Source and further reading

Waqas. (2024, October 4). DOJ, Microsoft seize 100 Russian phishing sites targeting US. Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News. https://hackread.com/doj-microsoft-seize-russian-phishing-sites-target-us/

Hassan, J. (2017, April 14). Hackers using leaked hacking tools to target Governments. Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News. https://hackread.com/hackers-using-leaked-hacking-tools-to-target-governments/