Microsoft’s Digital Crimes Unit (DCU) has announced a successful operation that disrupted the infamous Russian state actor ‘Star Blizzard’.
Since early 2023, Microsoft has seen Star Blizzard attack more than 30 organizations, including NGOs, journalists, and think tanks. The attacks mainly consisted of spear-phishing campaigns to exfiltrate victims’ sensitive data and hinder activities aimed at preserving democratic processes.
At a rate of approximately one attack per week, the group appears to be deploying increasingly sophisticated tactics and to be persistent in identifying high-value targets and creating personalized phishing emails for them.
Valuable intelligence
In the now unsealed civil suit, Microsoft’s DCU seized 66 unique domains used to target users around the world.
Star Blizzard has reportedly been active since 2017, targeting military officials in Britain and the US, especially those providing support to Ukraine and its allies.
With the 2024 US presidential election so close, Microsoft is confident that this disruption has come at a critical point for Russian operations seeking to undermine and interfere with Western democracies. The action would have provided valuable information about the group and the scope of its activities.
Together with the Justice Department, Microsoft has seized more than 100 of the actor’s websites, dealing a serious blow to its infrastructure and operations. Cybersecurity is often a game of cat and mouse, so this almost certainly won’t be the end for Star Blizzard, but it’s a start.
Malicious cyber attacks and foreign election interference are nothing new, and the “shadow war” has escalated since Russia’s invasion of Ukraine began. Attacks on critical infrastructure, ransomware and disinformation campaigns have become commonplace – and more than a dozen Russian cybercriminals have been sanctioned by Britain.