Microsoft and the US Department of Justice (DoJ) announced on Thursday the seizure of 107 internet domains used by Russia-linked cybercriminals to commit cyber fraud and abuse.
How the Microsoft and US Department of Justice (DoJ) “digital blitz” happened
“The Russian government operated this scheme to steal sensitive information from Americans, using seemingly legitimate email accounts to trick victims into revealing their account credentials,” said Deputy Attorney General Lisa Monaco.
The activity was attributed to a cybercriminal group called COLDRIVER, also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (with the alternate spelling Callisto), Dancing Salome, Gossamer Bear, Iron Frontier, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057.
Active since at least 2012, the group is assessed as an operational unit within Center 18 of the Russian Federal Security Service (FSB).
In December 2023, the UK and US governments sanctioned two members of the group, Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for their credential-harvesting and spear-phishing campaigns; in June 2024, the European Council imposed sanctions on the same two individuals.
The Russian domains seized by Microsoft and the US government
The DoJ said the 41 domains it seized were used by these cybercriminals to “commit unauthorized access violations to a computer in order to obtain information from a United States department or agency, unauthorized access to a computer to obtain information from a protected computer and cause damage to a protected computer.”
The domains are believed to have been used as part of a spear-phishing campaign targeting US government email accounts and other victims with the aim of collecting valuable credentials and data.
Microsoft’s statement
Alongside the announcement, Microsoft said it had filed a civil action to seize another 66 internet domains used by COLDRIVER to target over 30 entities and civil society organizations between January 2023 and August 2024.
These included NGOs and think tanks that support government employees and military and intelligence officials, particularly those providing support to Ukraine and to NATO countries such as the United Kingdom and the United States; COLDRIVER’s targeting of NGOs was previously documented by Access Now and Citizen Lab in August 2024.
“Star Blizzard’s operations are relentless, leveraging the trust, privacy and familiarity of everyday digital interactions,” said Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit (DCU). “They have been particularly aggressive in targeting former intelligence officials, Russian affairs experts, and Russian citizens living in the United States.”
The tech giant said it has identified 82 customers who have been targeted by the adversary since January 2023, demonstrating the group’s tenacity in evolving with new tactics to achieve its strategic objectives.
“This frequency underscores the group’s diligence in identifying high-value targets, crafting customized phishing emails, and developing the infrastructure necessary for credential theft,” Masada said. “Their victims, often unaware of the malicious intentions, unintentionally interact with these messages, leading to the compromise of their credentials.”
What to do to defend yourself from similar attacks
The discovery and seizure of these fraudulent sites by the DoJ and Microsoft highlights something very few people are willing to admit: you need to know how to behave when using any telecommunications or IT device.
There is no point in installing a myriad of antivirus products (which only slow down your PC or phone) if you then click on links indiscriminately and hand your details to forms that look like the real site, without paying attention to small graphical details and, above all, to the URL.
Staff working on computers, phones or tablets should be trained, instead of relying on antivirus alone.
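The advice above boils down to checking the real host behind a link rather than the text shown in the email. The following is an added example (not code from the article, Microsoft or the DoJ) of the kind of link check a defender might run on URLs extracted from inbound mail. The trusted hosts and the sample URLs are constructed for illustration; the `.test` domains are placeholders, not real indicators from the campaign.

```python
from urllib.parse import urlparse

# Constructed allowlist of the organisation's legitimate sign-in hosts (hypothetical).
TRUSTED_HOSTS = {"login.example.com", "mail.example.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.

    This is a naive eTLD+1: it does not know multi-part public suffixes
    such as co.uk, so treat it as a demonstration, not a production parser.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(url: str) -> dict:
    """Inspect a link the way the article advises: look at the real host, not the visible text.

    Returns the host the browser would actually contact, its registrable domain,
    a verdict against the allowlist, and a list of findings worth a second look.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()   # urlparse already strips userinfo and port
    findings = []

    if parsed.scheme != "https":
        findings.append("not https")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode (IDN) host")
    if any(ord(c) > 127 for c in host):
        findings.append("non-ASCII host")
    if "@" in parsed.netloc:
        # "https://login.example.com@phish.test/" shows a trusted name but contacts phish.test
        findings.append("userinfo in URL hides real host")

    trusted_reg = {registrable_domain(h) for h in TRUSTED_HOSTS}
    if host in TRUSTED_HOSTS:
        verdict = "trusted"
    elif registrable_domain(host) in trusted_reg:
        verdict = "same registrable domain, unknown host"
    else:
        # A trusted name appearing as a subdomain of someone else's domain is the
        # classic lookalike pattern: login.example.com.<attacker-domain>
        for trusted in trusted_reg:
            if trusted in host:
                findings.append(f"trusted name '{trusted}' embedded in foreign domain")
        verdict = "untrusted"

    return {
        "host": host,
        "registrable": registrable_domain(host),
        "verdict": verdict,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample links of the kind that might be lifted from a phishing email.
    samples = [
        "https://login.example.com/auth",
        "https://login.example.com.phish-constructed.test/auth",
        "http://login.example.com@phish-constructed.test/",
        "https://sso.example.com/",
    ]
    for link in samples:
        result = check_link(link)
        print(f"{link}\n  host={result['host']} verdict={result['verdict']} findings={result['findings']}")
```

The point of the example is that the URL's real host is what matters: a link whose visible text or leading labels read `login.example.com` can still deliver the user to a completely different registrable domain, and that is the detail the article asks readers to look at before typing credentials.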
#Microsoft #government #seize #Russian #domains