Microsoft uncovers persistent cyber threat
Microsoft has uncovered a persistent cyber threat from the hacking group Star Blizzard, linked to Russian intelligence, which has made multiple hacking attempts against a wide range of organisations since January 2023.
A hacking group associated with Russian intelligence attempted to infiltrate the systems of numerous Western think tanks, journalists, and former military and intelligence officials, Caliber.Az reports via foreign media.
Known as Star Blizzard among cyberespionage experts, the group employed spear phishing tactics, sending emails that appeared to be from trusted sources. These emails aimed to gain access to the victims’ internal systems for the purpose of stealing information and disrupting operations.
According to Microsoft, Star Blizzard's efforts were both persistent and sophisticated, as the group frequently conducted extensive research on its targets before launching an attack. The group also targeted civil society organizations, US companies, American military contractors, and the Department of Energy, which manages various nuclear programmes.
On Thursday, a US court unsealed documents permitting Microsoft and the Department of Justice to seize over 100 website domain names linked to Star Blizzard. This action followed a lawsuit filed against the network by Microsoft and the NGO Information Sharing and Analysis Center, a nonprofit tech organization that investigated Star Blizzard.
While authorities have not disclosed specifics about Star Blizzard's effectiveness, they indicated that they anticipate continued hacking and cyberattacks from Russia targeting the US and its allies. Deputy Attorney General Lisa Monaco stated during the announcement of US actions against Star Blizzard, “The Russian government orchestrated this scheme to steal sensitive information from Americans, using seemingly legitimate email accounts to deceive victims into disclosing their credentials. With ongoing support from our private sector partners, we will remain vigilant in exposing Russian actors and cybercriminals, while stripping them of the tools they need for their illicit activities.” Star Blizzard is believed to have ties to Russia’s Federal Security Service (FSB).
Last year, British authorities accused the group of conducting a long-term cyberespionage campaign against UK lawmakers. Microsoft has been monitoring the group's activities since 2017. Microsoft reported that since January 2023 it has detected numerous Star Blizzard hacking attempts aimed at 30 different groups. The tech company’s cybersecurity experts noted that Star Blizzard has been particularly difficult to track. “Star Blizzard’s ability to adapt and disguise its identity poses an ongoing challenge for cybersecurity professionals,” the company stated in a report on its findings.
Last year, US authorities charged two Russian men in connection with Star Blizzard's previous activities, both of whom are believed to be in Russia. In addition to targeting American entities, Star Blizzard also sought out individuals and organizations across Europe and other NATO countries, many of which had supported Ukraine in the wake of Russia's invasion.
By Naila Huseynova