“Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft customers globally, including throughout the United States,” reads the post published by Microsoft. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive – by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities.”
“While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern,” the company said. “Microsoft’s Digital Crimes Unit (DCU) is disrupting the technical infrastructure used by a persistent Russian nation-state actor Microsoft Threat Intelligence tracks as Star Blizzard. Furthermore, through this civil action and discovery, Microsoft’s DCU and Microsoft Threat Intelligence will gather additional valuable intelligence about this actor and the scope of its activities, which we can use to improve the security of our products, share with cross-sector partners to aid them in their own investigations and identify and assist victims with remediation efforts. By collaborating with DOJ, we have been able to expand the scope of disruption and seize more infrastructure, enabling us to deliver greater impact against Star Blizzard,” concludes Microsoft.
In December 2023, the UK National Cyber Security Centre (NCSC) and Microsoft reported that the Russia-linked APT group Callisto Group was targeting organizations worldwide. According to a press release published by the UK government, the UK and its allies observed a series of attempts by the Russian Intelligence Services to target high-profile individuals and entities through cyber operations. In the past, the group’s activity involved persistent phishing and credential theft campaigns leading to intrusions and data theft. The APT primarily targets NATO countries, but experts also observed campaigns targeting the Baltics, Nordics, and Eastern Europe regions, including Ukraine. Microsoft and the U.S. DoJ seized over 100 domains used by the Russia-linked Callisto Group for launching attacks on U.S. government and nonprofits. The Justice Department revealed the unsealing of a warrant to seize 41 domains used by Russia-linked Callisto Group (formerly SEABORGIUM, also known as COLDRIVER) for computer fraud in the United States.
This Cyber News was published on securityaffairs.com. Publication date: Fri, 04 Oct 2024 08:43:08 +0000