Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

https://firewall.firm.in/wp-content/uploads/2024/10/hacker.png

Oct 04, 2024Ravie LakshmananPhishing Attack / Cybercrime

Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.

“The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials,” said Deputy Attorney General Lisa Monaco.

The activity has been attributed to a threat actor called COLDRIVER, which is also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Dancing Salome, Gossamer Bear, Iron Frontier, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057.

Cybersecurity

Active since at least 2012, the group is assessed to be an operational unit within Center 18 of the Russian Federal Security Service (FSB).

In December 2023, the U.K. and U.S. governments sanctioned two members of the group – Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets – for their malicious credential harvesting activities and spear-phishing campaigns. Subsequently, in June 2024, the European Council imposed sanctions against the same two individuals.

The DoJ said the newly seized 41 domains were used by the threat actors to “commit violations of unauthorized access to a computer to obtain information from a department or agency of the United States, unauthorized access to a computer to obtain information from a protected computer, and causing damage to a protected computer.”

The domains are alleged to have been used as part of a spear-phishing campaign targeting the email accounts of the U.S. government and other victims with the goal of gathering credentials and valuable data.

Parallel to the announcement, Microsoft said it filed a corresponding civil action to seize 66 additional internet domains used by COLDRIVER to single out over 30 civil society entities and organizations between January 2023 and August 2024.

This included NGOs and think tanks that support government employees and military and intelligence officials, particularly those providing support to Ukraine and in NATO countries such as the U.K. and the U.S. COLDRIVER’s targeting of NGOs was previously documented by Access Now and the Citizen Lab in August 2024.

Cybersecurity

“Star Blizzard’s operations are relentless, exploiting the trust, privacy, and familiarity of everyday digital interactions,” Steven Masada, assistant general counsel at Microsoft’s Digital Crimes Unit (DCU), said. “They have been particularly aggressive in targeting former intelligence officials, Russian affairs experts, and Russian citizens residing in the U.S.”

The tech giant said it identified 82 customers who have been targeted by the adversary since January 2023, demonstrating a tenacity on the group’s part to evolve with new tactics and achieve their strategic goals.

“This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft,” Masada said. “Their victims, often unaware of the malicious intent, unknowingly engage with these messages leading to the compromise of their credentials.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket