The US cybersecurity agency CISA is leading a cross-agency push to expose a Russian government-backed APT caught launching spear-phishing campaigns against specific targets in academia, defense, governmental organizations, NGOs and think-tanks.
A joint-advisory from CISA and western law enforcement agencies identified the actor as Star Blizzard and joined with Microsoft's threat intelligence team to expose the ongoing operation and share indicators of compromise.
The FSB-linked hacking team has been observed hitting targeted sectors in the US and UK and the agencies warn that malicious activity has also been seen in other NATO countries, and countries neighboring Russia.
In the observed attacks, CISA said the Russian hackers use open-source tools to harvest credentials before logging into compromised email accounts.
A separate bulletin from Microsoft notes that the Star Blizzard hackers will display patience and clever tactics during communications with targets.
The company notes that Star Blizzard has improved detection evasion capabilities since 2022 while remaining focused on email credential theft against the same targets.
This Cyber News was published on www.securityweek.com. Publication date: Thu, 07 Dec 2023 22:13:04 +0000