Microsoft, US Seize Domains Used by Russian State-Sponsored Hackers



Microsoft and the US Justice Department have seized over 100 internet domains that Russian state-sponsored hackers allegedly used to send phishing emails.

Microsoft said it used a civil court order to seize 66 domains used to target company customers. Federal investigators also secured a warrant to take over an additional 41 domains.

“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” said US Deputy Attorney General Lisa Monaco.

The feds say a group of “criminal proxies” working for Russia’s Federal Security Service controlled the domains to launch “spear-phishing” emails designed to impersonate a friend, colleague, or trusted contact and trick recipients into installing malware or giving up passwords.


The FBI alleges that the goal has been to break into computers and email accounts belonging to US Department of Defense and State Department officials, former employees in the US intelligence community, and US military defense contractors. Microsoft adds that the Russian state-sponsored hackers, dubbed Star Blizzard, have also been targeting journalists, think tanks, and nongovernmental organizations (NGOs).

“While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in US democratic processes is of utmost concern,” Microsoft said in announcing the crackdown. “It will also enable us to quickly disrupt any new infrastructure we identify through an existing court proceeding.”

According to the Justice Department’s court affidavit, the seized domains used addresses such as “waylogintexas.com,” “smartloginbreak.com,” “govdoorsec,” and even “ivermectint.com” to try and phish prospective targets. The affidavit also says the hackers tried targeting and were sometimes successful in stealing information covering US defense, foreign affairs, and nuclear energy-related research.


Microsoft’s intel also shows the Russian hackers targeted at least 82 company customers since January 2023, or “at a rate of approximately one attack per week.” “This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft,” Microsoft added.


About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.
