The US and Microsoft collaborate to thwart Russian hacking group targeting American officials and nonprofits

WASHINGTON — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens of Western think tanks, journalists and former military and intelligence officials, Microsoft and U.S. authorities said Thursday.

The group, known as Star Blizzard to cyberespionage experts, targeted its victims with emails that appeared to come from a trusted source — a tactic known as spear phishing. In fact, the emails sought access to the victims’ internal systems, as a way to steal information and disrupt their activities.

Star Blizzard’s actions were persistent and sophisticated, according to Microsoft, and the group often did detailed research on its targets before launching an attack. Star Blizzard also went after civil society groups, U.S. companies, American military contractors and the Department of Energy, which oversees many nuclear programs, the company said.

On Thursday, a U.S. court unsealed documents authorizing Microsoft and the Department of Justice to seize more than 100 website domain names associated with Star Blizzard. That action came after a lawsuit was filed against the network by Microsoft and the NGO-Information Sharing and Analysis Center, a nonprofit tech organization that investigated Star Blizzard.

Authorities haven’t gone into details about Star Blizzard’s effectiveness but said they expect Russia to keep deploying hacking and cyberattacks against the U.S. and its allies.

“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” Deputy Attorney General Lisa Monaco said in announcing the U.S. actions against Star Blizzard. “With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”

Star Blizzard has been linked to Russia’s Federal Security Service, or FSB. Last year, British authorities accused the group of mounting a yearslong cyberespionage campaign against U.K. lawmakers. Microsoft said it has been tracking the group’s activities since 2017.

Microsoft said it observed Star Blizzard attempt dozens of hacking efforts targeting 30 different groups since January 2023. The tech giant’s cybersecurity experts say Star Blizzard has proven to be especially elusive.

“Star Blizzard’s ability to adapt and obfuscate its identity presents a continuing challenge for cybersecurity professionals,” the company wrote in a report on its findings.

U.S. authorities charged two Russian men last year in connection with Star Blizzard’s past actions. Both are believed to be in Russia.

Along with American targets, Star Blizzard went after people and groups throughout Europe and in other NATO countries. Many had supported Ukraine following Russia’s invasion.

A message left with the Russian Embassy in Washington was not immediately returned Thursday.

In a groundbreaking collaboration, the United States government and tech giant Microsoft have joined forces to combat a Russian hacking group that has been targeting American officials and nonprofits. The group, known as Strontium or Fancy Bear, has been linked to numerous cyber attacks on organizations and individuals in the US.

The partnership between the US government and Microsoft comes at a critical time, as cyber attacks from foreign entities continue to pose a significant threat to national security. In recent years, Russian hackers have been responsible for a number of high-profile attacks, including the breach of the Democratic National Committee’s email server during the 2016 presidential election.

In response to these threats, the US government has been working closely with tech companies like Microsoft to identify and neutralize cyber threats. Microsoft’s Digital Crimes Unit has been at the forefront of these efforts, using advanced technology and intelligence to track and disrupt malicious activities.

One of the key tactics used by Strontium is spear phishing, a technique in which hackers send targeted emails containing malware or links to malicious websites. Once a recipient clicks on the link or downloads the attachment, the hackers can gain access to sensitive information or control over the victim’s computer.

To combat this threat, Microsoft has developed advanced email security tools that can detect and block suspicious emails before they reach their intended targets. These tools use machine learning algorithms to analyze email patterns and identify potential threats, allowing organizations to proactively defend against cyber attacks.

In addition to improving email security, Microsoft has also been working with law enforcement agencies to identify and disrupt the infrastructure used by Strontium to carry out its attacks. By taking down servers and domains used by the hacking group, Microsoft and the US government are able to disrupt their operations and prevent further attacks.

The collaboration between the US government and Microsoft represents a new approach to cybersecurity, one that emphasizes cooperation between public and private sector entities. By sharing intelligence and resources, these organizations are able to respond more effectively to cyber threats and protect American officials and nonprofits from malicious actors.

As cyber attacks continue to evolve in complexity and sophistication, it is essential for governments and tech companies to work together to defend against these threats. The partnership between the US government and Microsoft serves as a model for how collaboration can strengthen cybersecurity defenses and safeguard critical infrastructure from malicious actors.
