“The Justice Department announced today the unsealing of a warrant authorizing the seizure of 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. As an example of the Department’s commitment to public-private operational collaboration to disrupt such adversaries’ malicious cyber activities, as set forth in the National Cybersecurity Strategy, the Department acted concurrently with a Microsoft civil action to restrain 66 internet domains used by the same actors,” says a Justice Department press release.
“According to the partially unsealed affidavit filed in support of the government’s seizure warrant, the seized domains were used by hackers belonging to, or criminal proxies working for, the ‘Callisto Group,’ an operational unit within Center 18 of the Russian Federal Security Service (the FSB), to commit violations of unauthorized access to a computer to obtain information from a department or agency of the United States, unauthorized access to a computer to obtain information from a protected computer, and causing damage to a protected computer. Callisto Group hackers used the seized domains in an ongoing and sophisticated spear-phishing campaign with the goal of gaining unauthorized access to, and stealing valuable information from, the computers and email accounts of US government and other victims. In conjunction, Microsoft announced the filing of a civil action to seize 66 internet domains also used by Callisto Group actors. Microsoft Threat Intelligence tracks this group as ‘Star Blizzard’ (formerly SEABORGIUM, also known as COLDRIVER).”