U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Summary:
Last week, Microsoft and the U.S. Department of Justice (DOJ) announced that they seized 107 internet domains that were being used by Star Blizzard, a Russian nation-state actor. 66 of these domains were used by Star Blizzard to target over 30 civil society organizations including journalists, think tanks, and non-governmental organizations (NGOs), between January 2023 and August 2024. The additional 41 domains, according to the DOJ, were employed in attacks to “commit violations of unauthorized access to a computer to obtain information from a department or agency of the United States, unauthorized access to a computer to obtain information from a protected computer, and causing damage to a protected computer.” Notably, these domains were used by the group in a spear-phishing campaign with the goal of gaining unauthorized access to, and stealing valuable information from, the computers and email accounts of the U.S. government and other victims.

Security Officer Comments:
Star Blizzard has been active since at least 2017, targeting NGOs and think tanks that support government employees and military and intelligence officials, especially those providing support to Ukraine and those in NATO countries including the United States and the United Kingdom, as well as in the Baltics, Nordics, and Eastern Europe. Microsoft notes that since 2022 the group has improved its detection evasion capabilities while focusing its efforts on spear-phishing attacks against the email accounts of the U.S. government and other victims, with the end goal of gathering credentials and other sensitive data that could pose a threat to national security. Since January 2023, Microsoft has identified 82 customers targeted by Star Blizzard, highlighting the persistent nature of these actors. The attacks observed by Microsoft have singled out high-value targets, with Star Blizzard crafting personalized phishing emails to gather credentials that could then be used in further attacks.

Suggested Corrections:
With spear-phishing being the common initial attack vector employed by Star Blizzard, organizations should train users to be on the lookout for emails from unknown senders asking them to click on a link or open an attachment. Email credentials are actively being sought by Star Blizzard. As such, end users should be careful when entering their credentials online, given that these actors set up domains masquerading as the login portals of well-known email platforms. Two-factor authentication should also be implemented wherever possible. In the event that credentials are compromised, a second layer of authentication will prevent actors from gaining access to email accounts.

Link(s):
https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html