In a significant move against cyber espionage, the FBI and Microsoft have collaborated to seize over 100 web domains believed to be associated with Russian intelligence operations. Unsealed court documents reveal that these domains were linked to the FSB, Russia’s Federal Security Service, and were used to carry out cyber-attacks on a range of targets, including U.S. government agencies and organizations that are critical of the Kremlin.
This coordinated effort highlights the U.S. government’s determination to combat foreign cyber threats, representing one of the rare instances where such actions have been made public.
Targeting Sensitive Information
The seized domains were allegedly part of a spear-phishing campaign orchestrated by the FSB. According to the FBI’s affidavit, these sites were designed to deceive individuals into revealing sensitive credentials, such as email passwords. Once the FSB gained access to this information, it could infiltrate email accounts and computers to steal critical intelligence.
The FBI outlined that the stolen data encompassed sensitive details related to U.S. government employees, as well as information on national defense, foreign policy, and nuclear technology research. Such intelligence is particularly valuable to Russia, which aims to use it to conduct malicious influence operations within the United States. “The targeted information included sensitive U.S. government data and nuclear energy-related technology,” the affidavit stated, underscoring the strategic importance of these operations for the Russian government.
A Coordinated Response
The operation involved the U.S. Department of Justice seizing 41 web domains, while Microsoft took control of 66 additional domains that were believed to be part of the same espionage network. This legal action is an uncommon but effective tactic for countering foreign cyber operations.
Deputy Attorney General Lisa Monaco emphasized the significance of this joint initiative, stating that it is part of the Justice Department’s broader strategy to combat state-sponsored cyber activities. “The Russian government used deceptive tactics to steal sensitive information from Americans,” Monaco said, pledging that the Department would continue to utilize all available resources to identify and deter cyber threats from foreign actors.
Microsoft’s Digital Crimes Unit Steps In
Microsoft’s Digital Crimes Unit (DCU) was instrumental in pinpointing the domains and actively tracking Russian cyber threats. The company identified that many of these domains were controlled by a group known as the Callisto Group, or “Star Blizzard.” Microsoft’s Threat Intelligence platform reported that this group had been targeting customers worldwide, especially in the U.S.
In a recent blog post, Steven Masada, assistant general counsel for Microsoft’s DCU, explained that the legal actions taken would severely impact Russian cyber espionage efforts. With the 2024 presidential elections approaching, he emphasized the importance of safeguarding U.S. democratic processes. “This legal takedown comes at a critical moment when protecting our elections is paramount,” Masada noted.
While there’s no direct evidence linking these FSB operations to specific attempts to infiltrate U.S. election campaigns, Microsoft remains vigilant against Russian cyber activities, reinforcing its commitment to collaborate with government agencies to protect national security.
Context of Russian Cyber Espionage
The FSB operates as Russia’s primary intelligence agency, conducting extensive surveillance and cyber espionage against foreign entities. Although the U.S. government has yet to accuse the FSB of interfering in the upcoming elections, Russian intelligence has a notorious history of cyber operations aimed at influencing democratic processes. For instance, the U.S. previously blamed Russia’s military intelligence agency, the GRU, for hacking and leaking emails from Hillary Clinton’s campaign in 2016 to undermine her candidacy.
Global Implications and Civil Society Support
The Justice Department’s actions also carry global ramifications. Last year, two FSB officers were indicted for attempting to interfere in British politics by hacking the email accounts of parliamentarians ahead of the 2019 U.K. elections. This further demonstrates the FSB’s willingness to use cyber tactics as a means of political manipulation.
While many of the seized domains were hosted by Verisign, a Virginia-based firm, there is no evidence suggesting that Verisign knowingly facilitated any illegal activities. Natalia Krapiva from Access Now, an internet access nonprofit, praised the seizure as a victory for civil society groups often targeted by intelligence services. “This joint legal action is a powerful demonstration of what can be accomplished when governments, private companies, and civil society unite to protect vulnerable communities from cyber threats,” Krapiva stated.
