The United States has seized 41 internet domains used by Russian intelligence agents and their proxies to hack into government agencies, including the Pentagon and State Department, the Justice Department said on Thursday.
The department said in a statement that it had acted concurrently with a Microsoft effort to take down 66 internet domains used by the same actors. The seized domains were used by hackers linked to a unit of the Russian Federation.
“The Russian government orchestrated this scheme to steal sensitive information from Americans by using seemingly legitimate email accounts to trick victims into revealing their account credentials,” said Deputy Attorney General Lisa Monaco.
The hackers utilised these domains in a spear-phishing campaign aimed at gaining access to information from US companies, former employees of the US intelligence community, current and former Department of Defense and State Department personnel, US military defence contractors, and staff at the Department of Energy, according to the DOJ.
The seized domains were employed by hackers associated with the “Callisto Group” and its partners, which the DOJ described as a unit within the FSB. This group, also known as “Cold River” or “Star Blizzard,” first came to the attention of intelligence professionals after it targeted Britain’s Foreign Office in 2016.
The Russian embassy did not immediately respond to a request for comment.
In December 2023, the DOJ announced charges against two hackers linked to Cold River for a campaign to infiltrate computer networks in the US, the UK, other NATO members, and Ukraine.