Friday, November 1, 2024
HomeCyber Security NewsMicrosoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Published on

Malware protection

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group.

This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats.

Unsealing the Operation

The United States District Court for the District of Columbia recently unsealed a civil action brought by Microsoft’s Digital Crimes Unit (DCU).

- Advertisement - SIEM as a Service

The court order authorized Microsoft to seize 66 domains used by Star Blizzard in cyberattacks targeting Microsoft customers worldwide.

Additionally, the DOJ seized 41 more domains linked to the same group, bringing the total number of dismantled websites to over 100.

 Between January 2023 and August 2024, Star Blizzard targeted more than 30 civil society organizations, including journalists, think tanks, and NGOs.

These attacks aimed to exfiltrate sensitive information and interfere with democratic activities through spear-phishing campaigns.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Collaborative Efforts and Impact

Microsoft’s collaboration with the DOJ has expanded the scope of disruption against Star Blizzard.

Seizing these domains has significantly impacted the group’s operations at a critical time when foreign interference in U.S. democratic processes is a major concern.

This action disrupts existing infrastructure and quickly positions Microsoft to dismantle any new infrastructure identified through ongoing legal proceedings. 

Microsoft’s DCU and Threat Intelligence teams will gather valuable intelligence about Star Blizzard’s activities through this civil action. This intelligence will enhance product security, aid cross-sector partners in their investigations, and assist victims with remediation efforts.

The Persistent Threat of Star Blizzard

Active since at least 2017, Star Blizzard—also known as COLDRIVER and Callisto Group—has been relentless in its cyberattacks.

Since 2022, they have improved their detection evasion capabilities, focusing on email credential theft against high-value targets.

Their recent targets include NGOs and think tanks supporting government employees and military officials, particularly those aiding Ukraine and NATO countries. 

In 2023, the British government attributed Star Blizzard to the Russian Federal Security Service (FSB), exposing their interference in UK politics.

Despite exposure by governments and companies, Star Blizzard continues to adapt and obfuscate its identity, swiftly transitioning to new domains once their infrastructure is exposed.

Today’s action underscores the importance of upholding international norms for responsible state behavior online.

By dismantling Star Blizzard’s operations, Microsoft and its partners reinforce these norms and demonstrate a commitment to their enforcement. This effort aims to protect civil society and uphold the rule of law in cyberspace.

Microsoft encourages all civil society groups to strengthen their cybersecurity measures by using multi-factor authentication and enrolling in programs like Microsoft’s AccountGuard for additional protection against nation-state cyberattacks.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here


Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...