Justice Department Seizes 41 Domains Used by Russian Intelligence in Massive Cyber Espionage Takedown

Examples of phishing emails from Star Blizzard | Image: Microsoft

Yesterday, the Justice Department announced the seizure of 41 internet domains used by Russian intelligence agents to commit cyber fraud and espionage. The unsealing of the warrant marks a significant step in disrupting an ongoing cyber campaign linked to the Russian Federal Security Service (FSB) and its proxies.

The operation forms part of a larger, coordinated effort involving Microsoft and other private partners to combat malicious cyber activity. Deputy Attorney General Lisa Monaco emphasized the importance of public-private partnerships in addressing such threats, stating, “Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors.” This action was taken concurrently with Microsoft’s civil action to restrain 66 additional internet domains operated by the same actors.

The seized domains were allegedly used by a group known as the Callisto Group (also tracked as COLDRIVER and Star Blizzard), which operates under Center 18 of the Russian FSB. These actors orchestrated sophisticated spear-phishing campaigns to steal sensitive data from U.S. government officials, defense contractors, and other high-profile targets. They relied on deceptive tactics, such as posing as legitimate entities, to lure victims into revealing credentials and thereby granting unauthorized access to their accounts and systems.

Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division highlighted the significance of this disruption, saying, “This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments around the world.”

Between January 2023 and August 2024, Star Blizzard actors targeted more than 30 civil society entities, including journalists, NGOs, and think tanks, using spear-phishing attacks designed to exfiltrate sensitive information and compromise operations. This attack profile mirrors the broader goals of Russian cyber espionage, which include disrupting Western institutions and governments.

Paul Abbate, Deputy Director of the FBI, reaffirmed the agency’s commitment to combating state-sponsored cyber threats, stating, “Our efforts to prevent the theft of information by state-sponsored criminal actors are relentless, and we will continue our work in this arena with partners who share our common goals.”

The affidavit supporting the warrant reveals that the Callisto Group targeted an array of high-value individuals, including former and current employees of the U.S. Departments of Defense and State, U.S. military contractors, and energy sector staff. It also noted the group’s continued targeting of former U.S. Intelligence Community personnel, showing a sustained effort to gather classified or sensitive information for Russian intelligence.
