Cyber Security News

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group.

This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats.

Unsealing the Operation

The United States District Court for the District of Columbia recently unsealed a civil action brought by Microsoft’s Digital Crimes Unit (DCU).

The court order authorized Microsoft to seize 66 domains used by Star Blizzard in cyberattacks targeting Microsoft customers worldwide.

Additionally, the DOJ seized 41 more domains linked to the same group, bringing the total number of dismantled websites to over 100.

 Between January 2023 and August 2024, Star Blizzard targeted more than 30 civil society organizations, including journalists, think tanks, and NGOs.

These attacks aimed to exfiltrate sensitive information and interfere with democratic activities through spear-phishing campaigns.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Collaborative Efforts and Impact

Microsoft’s collaboration with the DOJ has expanded the scope of disruption against Star Blizzard.

Seizing these domains has significantly impacted the group’s operations at a critical time when foreign interference in U.S. democratic processes is a major concern.

This action disrupts existing infrastructure and quickly positions Microsoft to dismantle any new infrastructure identified through ongoing legal proceedings. 

Microsoft’s DCU and Threat Intelligence teams will gather valuable intelligence about Star Blizzard’s activities through this civil action. This intelligence will enhance product security, aid cross-sector partners in their investigations, and assist victims with remediation efforts.

The Persistent Threat of Star Blizzard

Active since at least 2017, Star Blizzard—also known as COLDRIVER and Callisto Group—has been relentless in its cyberattacks.

Since 2022, they have improved their detection evasion capabilities, focusing on email credential theft against high-value targets.

Their recent targets include NGOs and think tanks supporting government employees and military officials, particularly those aiding Ukraine and NATO countries. 

In 2023, the British government attributed Star Blizzard to the Russian Federal Security Service (FSB), exposing their interference in UK politics.

Despite exposure by governments and companies, Star Blizzard continues to adapt and obfuscate its identity, swiftly transitioning to new domains once their infrastructure is exposed.

Today’s action underscores the importance of upholding international norms for responsible state behavior online.

By dismantling Star Blizzard’s operations, Microsoft and its partners reinforce these norms and demonstrate a commitment to their enforcement. This effort aims to protect civil society and uphold the rule of law in cyberspace.

Microsoft encourages all civil society groups to strengthen their cybersecurity measures by using multi-factor authentication and enrolling in programs like Microsoft’s AccountGuard for additional protection against nation-state cyberattacks.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here


Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

1 day ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago