Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group.
This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats.
Unsealing the Operation
The United States District Court for the District of Columbia recently unsealed a civil action brought by Microsoft’s Digital Crimes Unit (DCU).
The court order authorized Microsoft to seize 66 domains used by Star Blizzard in cyberattacks targeting Microsoft customers worldwide.
Additionally, the DOJ seized 41 more domains linked to the same group, bringing the total number of dismantled websites to over 100.
Between January 2023 and August 2024, Star Blizzard targeted more than 30 civil society organizations, including journalists, think tanks, and NGOs.
These attacks aimed to exfiltrate sensitive information and interfere with democratic activities through spear-phishing campaigns.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
Collaborative Efforts and Impact
Microsoft’s collaboration with the DOJ has expanded the scope of disruption against Star Blizzard.
Seizing these domains has significantly impacted the group’s operations at a critical time when foreign interference in U.S. democratic processes is a major concern.
This action disrupts existing infrastructure and quickly positions Microsoft to dismantle any new infrastructure identified through ongoing legal proceedings.
Microsoft’s DCU and Threat Intelligence teams will gather valuable intelligence about Star Blizzard’s activities through this civil action. This intelligence will enhance product security, aid cross-sector partners in their investigations, and assist victims with remediation efforts.
The Persistent Threat of Star Blizzard
Active since at least 2017, Star Blizzard—also known as COLDRIVER and Callisto Group—has been relentless in its cyberattacks.
Since 2022, they have improved their detection evasion capabilities, focusing on email credential theft against high-value targets.
Their recent targets include NGOs and think tanks supporting government employees and military officials, particularly those aiding Ukraine and NATO countries.
In 2023, the British government attributed Star Blizzard to the Russian Federal Security Service (FSB), exposing their interference in UK politics.
Despite exposure by governments and companies, Star Blizzard continues to adapt and obfuscate its identity, swiftly transitioning to new domains once their infrastructure is exposed.
Today’s action underscores the importance of upholding international norms for responsible state behavior online.
By dismantling Star Blizzard’s operations, Microsoft and its partners reinforce these norms and demonstrate a commitment to their enforcement. This effort aims to protect civil society and uphold the rule of law in cyberspace.
Microsoft encourages all civil society groups to strengthen their cybersecurity measures by using multi-factor authentication and enrolling in programs like Microsoft’s AccountGuard for additional protection against nation-state cyberattacks.
Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here