Details of the operation
BleepingComputer recalls that in December 2023, Great Britain and its Five Eyes allies linked the group tracked as Callisto Group, Seaborgium, and ColdRiver, also known as Star Blizzard, to the FSB, Russia's internal security and counterintelligence service. After that, law enforcement agencies kept the criminals under tighter surveillance.
According to partially declassified testimony, they attacked a wide variety of targets, including U.S. companies, former and current employees of the Intelligence Community, the U.S. Departments of Defense and State, as well as Department of Energy employees and U.S. military defense contractors.
Between January 2023 and August 2024, Microsoft monitored Star Blizzard's attacks on more than 30 non-governmental organizations (journalists, think tanks, and non-governmental organizations that play a key role in ensuring the development of democracy). The group ran phishing campaigns to steal confidential information and interfere with the targets' activities.
Through the joint efforts of Microsoft and the Department of Justice, 107 domains were removed, 66 by Microsoft and 41 by the Department of Justice, eliminating the attack infrastructure used by the hackers.
A little about ColdRiver
- This group of Russian government hackers has used open source intelligence (OSINT) and social engineering skills to scout and lure targets since at least 2017.
- In December 2023, Five Eyes warned of ColdRiver phishing attacks targeting academics, defense, government, non-governmental organizations, think tanks, and politicians.
- After Russia invaded Ukraine in 2022, these attacks spread to defense industry facilities and US Department of Energy facilities.
- Microsoft has also previously prevented attacks against several European NATO countries by disabling Microsoft accounts that the attackers used to collect emails and monitor their victims' activities.
- In December, the U.S. State Department imposed sanctions on two ColdRiver operators (one of them an FSB employee) accused by the Justice Department of participating in a global hacking campaign coordinated by the Russian government.
Source: 24 Tv
John Wilkes is a seasoned journalist and author at Div Bracket. He specializes in covering trending news across a wide range of topics, from politics to entertainment and everything in between.