The United States and Britain have imposed sanctions on two FSB hackers. A reward of up to $10 million is offered for information about them.

Brother

"Today, the US Treasury Department's Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, listed two individuals associated with the Modern Persistent Threat Group (APT), which is sponsored by the Russian Federal Security Service," the report said.

The group targets individuals and legal entities in the United States, the United Kingdom, and other allied and partner countries.

Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said the United States and the United Kingdom are standing together and steadfastly opposing the efforts of the Kremlin and its state-sponsored malicious cyber groups to target their democracies.

FSB uses phishing against US and UK

It is noted that the Kremlin uses the FSB to promote its interests and to undermine the interests of the United States, its allies and partners. The FSB uses its cyber capabilities to improve its espionage, influence, and intrusion campaigns.

An FSB unit is responsible for the APT activity targeting the US and other countries. This unit, which is highly specialized in targeted phishing, has received several nicknames from private cybersecurity firms, including "Callisto" or "Callisto Group", "Seaborgium", "Coldriver", "Star Blizzard", "Spider Bear", "ReUse Team", "Dancing Straw", "BlueCharlie" and others.

The FSB's targeted phishing campaigns were designed to gain access to email accounts, maintain permanent access to accounts and related networks, and obtain and potentially leak sensitive information to further the Kremlin's political goals.

Who was sanctioned

The US Treasury Department reports that two people are involved in this targeted phishing activity: FSB officer Ruslan Alexandrovich Peretyatko and Andrey Stanislavovich Korinets, an IT worker from Syktyvkar.

In the period from 2016 to 2020, Korinets fraudulently created and registered an infrastructure of malicious domains for targeted phishing campaigns of the FSB. He anonymously created shortened URL links that were embedded in phishing emails.

Korinets created at least 39 domains through 5 different domain registrars, using aliases and fake addresses in an attempt to conceal his connection to the domains. From the moment of activation until the end of 2019, a fake email account designed to mimic a retired US Air Force general sent at least 20 targeted phishing emails, including ones containing domains created by Korinets.

Peretyatko used several email addresses that were created to mimic legitimate management accounts of well-known technology companies to send targeted phishing emails, some of which contained the domain infrastructure created by Korinets.

• Ruslan Aleksandrovich PERETYATKO, who is a Russian FSB intelligence officer and a member of Star Blizzard AKA the Callisto Group

• Andrey Stanislavovich KORINETS, AKA Alexey DOGUZHIEV, who is a member of Star Blizzard AKA the Callisto Group

Russian Cyberattacks

Today, the UK government accused the Russian Federal Security Service of attempting to interfere in political processes through cyber attacks. Russian Ambassador Andrey Kelin has already been summoned to the British Foreign Office.

About the British accusations in the field of information and communication technologies.

On December 7 of this year, the Embassy's Minister-Counsellor was indeed invited to a meeting at the Foreign Office. Once again, Russia was accused of making up cyber attacks, including those allegedly related to the electoral processes in the UK. At the end of the meeting, it was also announced that illegitimate unilateral restrictions were imposed on two Russian citizens allegedly connected with these incidents.

In response, we stated that in the absence of concrete evidence, we have not the slightest reason to trust these insinuations. It was recalled that prior to the start of the special military operation in Ukraine, Russia repeatedly offered London to establish a professional dialogue on incidents of concern in the field of information and communication technologies (ICT). However, the British side always refused our proposals.

At the same time, as before, we would like to draw your attention to the fact that the National Computer Incident Coordination Center operates in Russia for these purposes, within the framework of which a hotline operates. Its phone number: +79169010742; email address: [email protected]. There is nothing easier than to contact these addresses in cases of suspicious computer activity. Similar mechanisms, and simultaneously with Russian and British participation, exist in the OSCE. And this is well known in the Foreign Office. This is a communication network used by the Conflict Prevention Center of the OSCE Secretariat.

However, instead of these elementary actions, the British Foreign Ministry loudly voices unfounded accusations based on myths extracted from mothballs, which existed for the most part in the period 2018-2019. It is clear that they were put forward for purely political, opportunistic purposes – in an attempt to provide the Conservative government with support on the eve of the elections, as well as to demonstrate to foreign partners the alleged British "leadership" on the anti-Russian front. Probably, all this is also intended to create additional advertising for the expensive British National Cyber Security Center, although we still have serious doubts about its ability to attribute such cyber attacks.

We would like to draw your attention to the fact that our earlier urgent demand to the British side to stop its aggressive policy aimed at militarizing the ICT space remains without any reaction from official London.