The United States has successfully disrupted a Russian cyberattack targeting government agencies, including the Pentagon and State Department, according to a statement from the Justice Department on Thursday (October 3). The U.S. seized 41 internet domains used by Russian intelligence agents and their proxies in the hacking attempt. This action was taken concurrently with Microsoft's effort to disable 66 internet domains used by the same actors.
The seized domains were linked to a unit of the Russian Federal Security Service and were used in a spear-phishing campaign. The hackers aimed to gain access to information from U.S. companies, former employees of the U.S. intelligence community, former and current Department of Defense and State Department employees, U.S. military defense contractors, and Department of Energy staff.
"This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments around the world," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "Working closely with private-sector partners such as Microsoft, the National Security Division uses the full reach of our authorities to confront the cyber-enabled threats of tomorrow from Russia and other adversaries."
The hackers are part of the "Callisto Group" and its partners, also known as "Cold River" or "Star Blizzard." This group first came to the attention of intelligence professionals after targeting Britain's foreign office in 2016. In December 2023, the DOJ announced charges against two hackers affiliated with Cold River for a campaign to hack into computer networks in the U.S., the U.K., other NATO members, and Ukraine.