U.S. Authorities Confiscate Dozens of Domains Allegedly Used by Russian Intelligence

WASHINGTON, October 3. /TASS/. US authorities have confiscated dozens of Internet domains that, according to the United States, were allegedly used by Russian intelligence agents. This is stated in a statement by the US Department of Justice.

According to this information, the Ministry of Justice confiscated 41 domains associated with the Callisto hacker group allegedly working for the FSB, and also assisted Microsoft in the confiscation of another 66 domains that were used by the same individuals.

US Deputy Attorney General Lisa Monaco claimed that the Russian authorities allegedly used these domains to steal confidential data of Americans. In a statement, the US Department of Justice claims that hackers used a phishing scheme in order to gain unauthorized access and steal information from computers and accounts, including those associated with the US government.

• Source: https://www.justice.gov/opa/pr/just...s-russian-intelligence-spear-phishing-efforts

• Source: https://blogs.microsoft.com/on-the-...g-democratic-institutions-from-cyber-threats/

• Source: https://storage.courtlistener.com/recap/gov.uscourts.cand.436552/gov.uscourts.cand.436552.7.0.pdf

• Source: https://noticeofpleadings.com/starb...24 [01][SEALED] Complaint with Appendices.pdf

"were used by Russian intelligence agents"

They were used for spear phishing by the Star Blizzard group, also known as the Callisto Group, which the UK and US in December accused of having links to the FSB.

UK

The United Kingdom, together with its Five Eyes partners (the United States, Canada, Australia and New Zealand), has brought accusations against Russia of years of trying to interfere in its internal political processes. It is emphasized that these attempts were unsuccessful.

Specifically, we are talking about a cyber group called Star Blizzard (as well as SEABORGIUM, COLDRIVER, etc.), which, according to the British, is almost certainly connected to the FSB.

In particular, the group is accused of phishing attacks on parliamentarians that have been going on since 2015, of stealing and leaking documents on British-American trade in the run-up to the 2019 elections, and of hacking the non-governmental organization Institute for Statecraft.

The BBC adds that British officials have already met with the minister-counselor of the Russian embassy, expressing deep concern about the alleged cyberattacks.

The embassy responded by saying that Russia "has not the slightest reason to trust these insinuations" and called them an attempt to "provide support to the Conservative government on the eve of the elections, as well as to demonstrate to foreign partners the imaginary British 'leadership' on the anti-Russian front."

At the same time as British sanctions against two people who are associated with cyberattacks, the United States also brought charges against them.

Earlier, the same group apparently came to the attention of Reuters in January of this year in the context of a phishing campaign targeting American nuclear scientists.

• Source: https://www.gov.uk/government/news/...rference-in-politics-and-democratic-processes

• Source: https://www.justice.gov/opa/pr/two-...eral-security-service-charged-global-computer

USA

An American indictment has been published against the same persons who fell under British sanctions. Whether you agree with the accusations or consider them insinuations that are not credible, the document is very interesting. It can be read as a basic guide to spear phishing, since similar techniques are apparently used by other specialists in social phishing.

The attackers used fake domains and email addresses such as en-microsofl[.]live and msn.365[.]top[@]icloud[.] There is also a case in which an email was created to communicate with an official, mimicking the address of a journalist who writes about national security and has ties to the intelligence community.

Short link services were widely used to disguise malicious links. By the way, the document emphasizes that it was the American service that was used; presumably the investigators were able to obtain data from that company.

To disguise themselves, the attackers also rented virtual servers and connected via VPN.

Various techniques are described. For example, attackers sent an email to the victim mentioning an attached file, but there was no attachment in the email. Only if the addressee replied and asked about the file was a malicious document then sent to them.

Phishing emails were often mimicked as account security warnings. The victim was lured to a fake website designed to steal credentials.

A case is described when one of the victims (an employee of the Ministry of Energy) followed a phishing link and entered a username and password, thus giving the attackers access to her mailbox. In order to maintain access for as long as possible, they set up a rule in the mail, according to which all notifications from the IT department would be automatically moved to the "Deleted" folder so that the employee would not see possible warnings about unauthorized connections to the mailbox.

All these details can be perfectly applied when training employees and setting up protection tools.

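The post closes by saying these details can be turned into training and protection tooling. The script below is an added example of what that looks like on the defender side; it is not code from the post, the indictment or any vendor. It takes two of the described behaviours, lookalike sender domains (the en-microsofl[.]live and msn.365[.]top patterns) and inbox rules that hide IT notifications in the Deleted folder, and turns each into a simple check. The brand list, keyword lists, the MailboxRule model and all sample senders and rules are constructed assumptions for the example; a real deployment would feed it rules exported from the mail platform.

```python
"""Defender-side checks modelled on the tactics summarised in the post above.

Two observations are turned into checks:
  1. sender domains that imitate a well-known brand, and
  2. mailbox rules that quietly hide IT/security notifications.
All brand names, keywords and sample data are constructed for this example.
"""
from dataclasses import dataclass, field
import re

# Assumption: a real deployment would load the protected brands from configuration.
PROTECTED_BRANDS = {"microsoft", "office365", "outlook", "icloud", "msn", "google"}
# Labels too generic to count as brand imitation on their own.
GENERIC_LABELS = {"en", "mail", "login", "secure", "account", "www", "com", "net", "live", "top"}


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough to inline rather than add a dependency."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def refang(domain: str) -> str:
    """Turn defanged notation such as 'en-microsofl[.]live' back into a plain hostname."""
    return re.sub(r"\[\.\]", ".", domain).strip().lower()


def lookalike_brand(sender_domain: str, brands=PROTECTED_BRANDS, max_distance: int = 2):
    """Return the brand a sender domain appears to imitate, or None if it looks clean."""
    labels = refang(sender_domain).split(".")
    registrable = labels[-2] if len(labels) >= 2 else labels[0]  # naive eTLD+1 label
    # Pattern 1: a real brand name used as a subdomain of an unrelated registrable
    # domain (msn.365[.]top). The genuine brand domain itself is never flagged.
    if registrable not in brands:
        for label in labels[:-2]:
            for piece in label.split("-"):
                if piece in brands:
                    return piece
    # Pattern 2: a near-miss spelling of a brand anywhere in the name (en-microsofl[.]live).
    for label in labels:
        for piece in label.split("-"):
            if piece in brands or piece in GENERIC_LABELS or len(piece) < 4:
                continue
            for brand in brands:
                if levenshtein(piece, brand) <= max_distance:
                    return brand
    return None


@dataclass
class MailboxRule:
    """Minimal model of an inbox rule; field names are this example's own, not a vendor API."""
    name: str
    from_contains: list = field(default_factory=list)     # sender substrings the rule matches
    subject_contains: list = field(default_factory=list)  # subject substrings the rule matches
    move_to: str = ""                                     # destination folder, if any
    mark_read: bool = False


HIDE_FOLDERS = {"deleted items", "deleted", "junk", "rss feeds", "archive"}
SENSITIVE_SENDERS = {"it", "helpdesk", "security", "noreply", "admin"}
SENSITIVE_SUBJECTS = {"sign-in", "signin", "login", "password", "unusual", "new device"}


def audit_rules(rules):
    """Return (rule name, reason) for every rule that would hide security-relevant mail."""
    findings = []
    for r in rules:
        hides = r.move_to.lower() in HIDE_FOLDERS or r.mark_read
        if not hides:
            continue
        sender_hits = [s for s in r.from_contains
                       if set(re.findall(r"[a-z]+", s.lower())) & SENSITIVE_SENDERS]
        subject_hits = [s for s in r.subject_contains
                        if any(k in s.lower() for k in SENSITIVE_SUBJECTS)]
        if sender_hits or subject_hits:
            action = f"moves to '{r.move_to}'" if r.move_to else "marks as read"
            findings.append((r.name, f"{action} for {sender_hits + subject_hits}"))
    return findings


# Constructed sample data, modelled on the behaviour described in the post.
SAMPLE_SENDERS = ["en-microsofl[.]live", "msn.365[.]top", "login.microsoft.com", "mail.example.com"]
SAMPLE_RULES = [
    MailboxRule("Hide IT notices", from_contains=["it-department@corp.example"], move_to="Deleted Items"),
    MailboxRule("Newsletters", from_contains=["news@vendor.example"], move_to="Archive"),
    MailboxRule("Quiet sign-in alerts", subject_contains=["unusual sign-in activity"], mark_read=True),
]

if __name__ == "__main__":
    for d in SAMPLE_SENDERS:
        print(f"{d:24} -> {lookalike_brand(d)}")
    for name, reason in audit_rules(SAMPLE_RULES):
        print(f"suspicious rule '{name}': {reason}")
```

The two checks are deliberately separate because they run at different points: the domain check belongs at the mail gateway or in the mail client's sender display, while the rule audit is a periodic job over every mailbox, since the rule in the story was created only after the account had already been compromised and the gateway had nothing left to see.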