Hacking group linked to Russian intelligence targets Western think tanks

Star Blizzard employed sophisticated spear phishing techniques

Microsoft and the US authorities have announced that a hacking group associated with Russian intelligence has been detected attempting to infiltrate the systems of numerous Western think tanks, journalists, and former military and intelligence officials.

Identified as Star Blizzard by cybersecurity experts, the group employed sophisticated spear phishing techniques, sending emails that appeared to originate from trustworthy sources. These deceptive messages aimed to gain access to victims' internal systems, facilitating information theft and disruption of activities.

Microsoft characterised Star Blizzard’s operations as persistent and well-researched, noting that the group often conducted extensive reconnaissance on its targets prior to launching attacks. Their efforts were not limited to individuals but extended to civil society organisations, US businesses, military contractors, and even the Department of Energy, which manages various nuclear programmes.

In a significant move, a court unsealed documents permitting Microsoft and the Department of Justice to seize over 100 domain names associated with Star Blizzard. This legal action followed a lawsuit brought against the group by Microsoft and the Information Sharing and Analysis Center, a non-profit technology organisation that has been investigating the hacking network.

While officials have not disclosed the full extent of Star Blizzard’s success, they have indicated that Russia is likely to continue its campaign of cyberattacks against the United States and its allies. "The Russian government orchestrated this operation to pilfer sensitive information from Americans, employing seemingly legitimate email accounts to deceive victims into revealing their credentials," stated Deputy Attorney General Lisa Monaco during the announcement of US actions against the group. "With the ongoing support of our private sector partners, we will remain vigilant in exposing Russian cybercriminals and dismantling their operations."

What is Star Blizzard?

Star Blizzard has been linked to Russia's Federal Security Service (FSB), with British authorities accusing the group last year of conducting a lengthy cyberespionage campaign targeting UK lawmakers. Microsoft has been monitoring the group's activities since 2017 and reported that Star Blizzard has made numerous hacking attempts against around 30 different entities since January 2023. The company’s cybersecurity experts noted the group’s remarkable ability to remain elusive.

"Star Blizzard’s capacity to adapt and conceal its identity poses an ongoing challenge for cybersecurity professionals," Microsoft remarked in a report detailing its findings.

Last year, US authorities charged two Russian nationals in connection with Star Blizzard’s previous actions; both are believed to be residing in Russia.