The US and Microsoft disrupt a Russian hacking group targeting American officials and nonprofits

Friday, October 4, 2024, Vol. 48, No. 40

WASHINGTON (AP) — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens of Western think tanks, journalists and former military and intelligence officials, Microsoft and U.S. authorities said Thursday.

The group, known as Star Blizzard to cyberespionage experts, targeted its victims with emails that appeared to come from a trusted source — a tactic known as spear phishing. In fact, the emails sought access to the victims' internal systems, as a way to steal information and disrupt their activities.

Star Blizzard's actions were persistent and sophisticated, according to Microsoft, and the group often did detailed research on its targets before launching an attack. Star Blizzard also went after civil society groups, U.S. companies, American military contractors and the Department of Energy, which oversees many nuclear programs, the company said.

On Thursday, a U.S. court unsealed documents authorizing Microsoft and the Department of Justice to seize more than 100 website domain names associated with Star Blizzard. That action came after a lawsuit was filed against the network by Microsoft and the NGO-Information Sharing and Analysis Center, a nonprofit tech organization that investigated Star Blizzard.

Authorities haven't gone into details about Star Blizzard's effectiveness but said they expect Russia to keep deploying hacking and cyberattacks against the U.S. and its allies.

"The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials," Deputy Attorney General Lisa Monaco said in announcing the U.S. actions against Star Blizzard. "With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade."

Star Blizzard has been linked to Russia's Federal Security Service, or FSB. Last year, British authorities accused the group of mounting a yearslong cyberespionage campaign against U.K. lawmakers. Microsoft said it has been tracking the group's activities since 2017.

Microsoft said it observed Star Blizzard attempt dozens of hacking efforts targeting 30 different groups since January 2023. The tech giant's cybersecurity experts say Star Blizzard has proven to be especially elusive.

"Star Blizzard's ability to adapt and obfuscate its identity presents a continuing challenge for cybersecurity professionals," the company wrote in a report on its findings.

U.S. authorities charged two Russian men last year in connection with Star Blizzard's past actions. Both are believed to be in Russia.

Along with American targets, Star Blizzard went after people and groups throughout Europe and in other NATO countries. Many had supported Ukraine following Russia's invasion.

A message left with the Russian Embassy in Washington was not immediately returned Thursday.