The United States announced the seizure on Thursday of 41 internet domains allegedly used by Russian intelligence agents to try to gain access to the computers and email accounts of Pentagon, State Department and other US government employees.
“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Deputy Attorney General Lisa Monaco said in a statement.
According to the Justice Department, the domains were used as part of “an ongoing and sophisticated spear-phishing campaign” by the so-called “Callisto Group,” an operational unit within Center 18 of the Russian Federal Security Service (FSB).
Among those targeted were US-based companies, former employees of the US intelligence community, former and current Department of Defense and Department of State employees, and staff at the Department of Energy.
The Justice Department said Microsoft had simultaneously filed a civil action to seize 66 internet domains allegedly used by the Callisto Group, which the US software giant calls “Star Blizzard.”
Microsoft said Star Blizzard, between January 2023 and August 2024, had targeted more than 30 civil society organizations — journalists, think tanks, and non-governmental organizations — with spear-phishing campaigns.
Two alleged Callisto members were indicted by US authorities in December and charged with hacking into computer networks in the United States, the United Kingdom, other NATO countries and Ukraine.
Neither man is in custody and both are believed to be in Russia.
The UK foreign ministry said at the time that the FSB was behind “unsuccessful attempts to interfere in UK political processes” and it had summoned Russia’s ambassador to London over the issue.