U.S. Authorities Seize Multiple Domain Names Linked to Russian Intelligence Hacking Group

U.S. authorities have seized over 100 domain names linked to the Callisto Group, a hacking organization associated with Russian intelligence. This action is part of a broader effort to combat Russian cyber operations targeting U.S. government systems. The group's tactics include spear phishing, where deceptive emails are sent to trick recipients into opening malicious links or attachments. The announcement follows previous charges against individuals linked to the group's activities and highlights ongoing concerns regarding cyber threats from state-sponsored hackers.


U.S. authorities have announced the seizure of dozens of website domain names allegedly used by hackers associated with Russian intelligence to infiltrate U.S. government computer systems. This announcement, made on October 4, represents the latest action taken by the United States and other Western governments to counter what they describe as an extensive cyber campaign orchestrated by Russian hackers, many of whom are believed to be state-sponsored.

The Justice Department reported the seizure of over 100 domain names connected to the hacking group known as the Callisto Group in a coordinated effort with technology giant Microsoft. Domain names serve as identifiers that allow websites to communicate with servers and facilitate the exchange of information.

U.S. officials indicated that the Callisto Group employed tactics such as sending deceptive emails that appeared to come from trusted sources. These emails targeted a wide range of individuals, including former U.S. military and intelligence personnel, as well as non-governmental organizations and private companies. U.S. Attorney Ismail J. Ramsey for the Northern District of California stated that the seizure is part of a coordinated effort with private sector partners aimed at dismantling the infrastructure that cyberespionage actors use to target both U.S. and international entities.

The group's method, known as spear phishing, involves the distribution of emails containing links or attachments embedded with malicious code. Victims are tricked into opening these attachments or clicking on the links, thereby allowing hackers to infiltrate their computer systems to steal sensitive information or monitor communications.

The Callisto Group is the name assigned by Western officials and cybersecurity researchers to the Russian Federal Security Service's Center for Information Security, also referred to as Center 18. This center is one of at least two units responsible for conducting cyber operations for the FSB, the Russian Federal Security Service.

Other Russian security agencies, such as the GRU, which is the main military intelligence agency, and the SVR, which is the Foreign Intelligence Service, are also known to conduct similar cyber activities.

In its announcement regarding the seizure of 66 domain names, Microsoft identified the hacking group as Star Blizzard and noted that extensive research on potential targets was conducted prior to launching spear phishing campaigns. The U.S. Department of Energy, which oversees several nuclear programs, was among the government agencies targeted by Star Blizzard.

Last December, U.S. prosecutors charged an FSB officer and another Russian national in connection with Callisto Group's spear phishing operations. The FSB's Center 18 faced significant scrutiny in 2019 when two of its senior officials were convicted of treason for leaking classified information to Western authorities. Historically, this center has cooperated with the U.S. Justice Department on joint investigations into cybercrimes.

The FSB's other primary cyber unit, known as Center 16, oversees the agency's signals intelligence operations, including communications interception, decryption, and data processing. In a previous announcement last year, Western authorities revealed that they had successfully disrupted a significant surveillance tool that Center 16 had utilized for over a decade to access computer servers in more than 50 countries.
