The US and Microsoft disrupt a Russian hacking group targeting American officials and nonprofits

U.S. authorities and Microsoft say hackers linked to Russian intelligence targeted dozens of former military and intelligence officials, journalists and civil society groups with a sophisticated campaign designed to steal information

Published - October 04, 2024 08:31 am IST - WASHINGTON

A message left with the Russian Embassy in Washington was not immediately returned Thursday [File]

A message left with the Russian Embassy in Washington was not immediately returned Thursday [File] | Photo Credit: REUTERS

A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens of Western think tanks, journalists and former military and intelligence officials, Microsoft and U.S. authorities said Thursday.

The group, known as Star Blizzard to cyberespionage experts, targeted its victims with emails that appeared to come from a trusted source — a tactic known as spear phishing. In fact, the emails sought access to the victims' internal systems, as a way to steal information and disrupt their activities.

Star Blizzard's actions were persistent and sophisticated, according to Microsoft, and the group often did detailed research on its targets before launching an attack. Star Blizzard also went after civil society groups, U.S. companies, American military contractors and the Department of Energy, which oversees many nuclear programs, the company said.

On Thursday, a U.S. court unsealed documents authorising Microsoft and the Department of Justice to seize more than 100 website domain names associated with Star Blizzard. That action came after a lawsuit was filed against the network by Microsoft and the NGO-Information Sharing and Analysis Center, a nonprofit tech organisation that investigated Star Blizzard.

Authorities haven't gone into details about Star Blizzard's effectiveness but said they expect Russia to keep deploying hacking and cyberattacks against the U.S. and its allies.

“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials," Deputy Attorney General Lisa Monaco said in announcing the U.S. actions against Star Blizzard. "With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”

Star Blizzard has been linked to Russia's Federal Security Service, or FSB. Last year, British authorities accused the group of mounting a yearslong cyberespionage campaign against U.K. lawmakers. Microsoft said it has been tracking the group's activities since 2017.

Microsoft said it observed Star Blizzard attempt dozens of hacking efforts targeting 30 different groups since January 2023. The tech giant's cybersecurity experts say Star Blizzard has proven to be especially elusive.

“Star Blizzard’s ability to adapt and obfuscate its identity presents a continuing challenge for cybersecurity professionals,” the company wrote in a report on its findings.

U.S. authorities charged two Russian men last year in connection with Star Blizzard's past actions. Both are believed to be in Russia.

Along with American targets, Star Blizzard went after people and groups throughout Europe and in other NATO countries. Many had supported Ukraine following Russia's invasion.

A message left with the Russian Embassy in Washington was not immediately returned Thursday.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.