
Ethical Hacking News

The Global Crackdown on Russian State-Sponsored Cybercrime: A Major Step Forward for International Cooperation




A recent surge in spear-phishing campaigns carried out by Russian state-sponsored actors has left many experts on high alert. This article covers the joint U.S. and Microsoft seizure of domains used by one such group, the tactics attributed to it, and the need for organizations to stay ahead of these threats and adopt robust security measures to protect sensitive information.

  • The US and Microsoft have jointly seized 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate cybercrime.
  • The coordinated operation is part of a broader effort to disrupt the spear-phishing campaigns Russian hackers use to steal sensitive information.
  • The domains were used by COLDRIVER, a threat actor believed to be an operational unit within the Russian Federal Security Service (FSB).
  • The group has been active since at least 2012 and has targeted NGOs and think tanks in NATO countries, including the US and UK.
  • The operation marks a significant step forward in the global fight against cybercrime and highlights the need for vigilance and cooperation between governments and private industry.



    In a significant development that marks a major escalation of efforts to combat cybercrime, the United States and Microsoft have jointly seized 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the United States. This coordinated operation is part of a broader effort by the U.S. Department of Justice (DoJ) and Microsoft's Digital Crimes Unit (DCU) to disrupt the activities of Russian hackers who have been using spear-phishing campaigns and other tactics to steal sensitive information from unsuspecting victims.

    According to the DoJ, the 107 domains were used by a threat actor known as COLDRIVER, which is also referred to by other names such as Blue Callisto, BlueCharlie (or TAG-53), Calisto, Dancing Salome, Gossamer Bear, Iron Frontier, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057. This group of hackers has been active since at least 2012 and is believed to be an operational unit within Center 18 of the Russian Federal Security Service (FSB).

    The DoJ stated that the threat actors used these domains to commit a range of cybercrimes, including unauthorized access to computers and systems, theft of sensitive information, and causing damage to protected computers. The operation was reportedly carried out in coordination with Microsoft, which filed a civil action to seize 66 additional internet domains used by COLDRIVER to single out over 30 civil society entities and organizations between January 2023 and August 2024.

    One of the most striking aspects of this operation is the targeting of NGOs and think tanks that support government employees and military officials in NATO countries such as the U.S. and the U.K. These groups were apparently targeted by COLDRIVER in an effort to gather sensitive information about individuals with access to classified materials.

    The announcement comes on the heels of recent sanctions imposed on two members of the group, Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for their malicious credential-harvesting activities and spear-phishing campaigns. The European Council also imposed sanctions on these individuals in June 2024.

    This coordinated effort by the U.S. DoJ and Microsoft is a significant step forward in the global fight against cybercrime. It demonstrates the growing commitment of international authorities to tackling this increasingly sophisticated threat, and it highlights the need for vigilance and cooperation between governments and private industry to stay ahead of these hackers.

    The operation also serves as a reminder that state-sponsored hacking groups remain a significant concern for national security, with many countries continuing to grapple with the challenges posed by such activities. The fact that COLDRIVER was able to operate for so long is a sobering reminder of the evolving nature of this threat and of the need for continuous improvement in our defenses.

    In conclusion, the global crackdown on Russian state-sponsored cybercrime marked by the seizure of 107 domains used by COLDRIVER is a significant development in the ongoing struggle against this complex and sophisticated threat. As authorities continue to adapt and evolve their strategies to counter these hackers, it will be essential for governments and private industry to remain vigilant and proactive in the face of this ever-present threat.



    Related Information:

  • https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html

  • https://timesofindia.indiatimes.com/technology/tech-news/microsoft-us-justice-department-take-down-107-websites-used-by-hackers-tied-to-russian-intelligence/articleshow/113943044.cms

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-110a

  • https://www.securityweek.com/microsoft-doj-dismantle-domains-used-by-russian-fsb-linked-hacking-group/

  • https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/

  • https://thehackernews.com/2023/08/russian-cyber-adversary-bluecharlie.html

  • https://cybersecuritynews.com/bluecharlie-hacker-group-infrastructure/

  • https://www.justice.gov/opa/pr/two-russian-nationals-working-russias-federal-security-service-charged-global-computer

  • https://www.cbsnews.com/news/us-microsoft-russia-domains-seized/

  • https://www.securityweek.com/us-uk-announce-charges-and-sanctions-against-two-russian-hackers/

  • https://flashpoint.io/blog/russian-apt-groups-cyber-threats/

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-296a

  • https://www.secureworks.com/research/threat-profiles/iron-frontier

  • https://apnews.com/article/russia-hacking-microsoft-star-blizzard-fb41bfccbbe7aaecd10a0a93905d4c8a

  • https://www.fastcompany.com/91203365/microsoft-doj-intercept-russian-hacking-groups-spear-phishing-campaign

  • https://portswigger.net/daily-swig/who-is-behind-apt29-what-we-know-about-this-nation-state-cybercrime-group


  • Published: Fri Oct 4 13:47:21 2024 by llama3.2 3B Q4_K_M

    © Ethical Hacking News. All rights reserved.