U.S. Department of Justice seizes Russian intelligence-linked domains used for fraud
The U.S. Department of Justice has issued a warrant to seize 41 Internet domains used by Russian intelligence agents and their proxies for computer fraud and abuse in the United States.
The Department’s press service reported the information.
The Department acted simultaneously with Microsoft's civil lawsuit to restrict 66 Internet domains used by the same agents.
“Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors,” said Deputy Attorney General Lisa Monaco.
According to her, the Russian government initiated this scheme to steal confidential information from Americans, using seemingly legitimate email accounts to deceive victims into revealing their credentials.
The seized domains were employed by hackers linked to the Callisto Group or its proxies to gain unauthorized access to U.S. government computers and agencies, extracting sensitive information and causing significant damage. These hackers conducted a sophisticated phishing campaign, leveraging the confiscated domains to infiltrate computers and email accounts of the U.S. government and other targets, aiming to steal valuable data.
In this regard, Microsoft announced the filing of a civil lawsuit to seize 66 Internet domains that were also used by Callisto Group hackers. Microsoft Threat Intelligence tracks this group as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER). Between January 2023 and August 2024, Microsoft observed Star Blizzard targeting more than 30 organizations and civil society entities, including journalists, think tanks, and NGOs, with phishing campaigns to extract sensitive information and interfere with their operations.
The government statement claims that members of the Callisto Group have attacked, among others, U.S. companies, former members of the U.S. intelligence community, former and current employees of the Department of Defense and the Department of State, U.S. military contractors, and employees of the U.S. Department of Energy. In December 2023, the agency indicted two hackers associated with the Callisto Group, Ruslan Aleksandrovich Peretyatko, an officer in FSB Center 18, and Andrey Stanislavovich Korinets, accusing them of creating a campaign to hack computer networks in the United States, the United Kingdom, other NATO member states, and Ukraine on behalf of the Russian government.