U.S. Government Seizes Internet Domains Linked to Russian Cyber Espionage
The Justice Department has unsealed a warrant for the seizure of 41 internet domains used by Russian intelligence operatives and their affiliates to commit computer fraud and abuse in the United States. This action is part of the National Cybersecurity Strategy, illustrating the Department’s dedication to a collaborative public-private effort to disrupt malicious cyber activities. Concurrently, Microsoft initiated a civil action to restrain 66 internet domains utilized by the same actors.
Deputy Attorney General Lisa Monaco emphasized the significance of the operation, stating, “Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors. The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade.”
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division added, “This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments around the world. Working closely with private-sector partners such as Microsoft, the National Security Division uses the full reach of our authorities to confront the cyber-enabled threats of tomorrow from Russia and other adversaries.”
FBI Deputy Director Paul Abbate highlighted the importance of collaboration, stating, “Working in close collaboration with public and private sector partners—in this case through the execution of domain seizures—we remain in prime position to counter and defeat a broad range of cyber threats posed by adversaries. Our efforts to prevent the theft of information by state-sponsored criminal actors are relentless, and we will continue our work in this arena with partners who share our common goals.”
U.S. Attorney Ismail J. Ramsey for the Northern District of California noted, “This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets. We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world.”
The seized domains were reportedly used by the “Callisto Group,” an operational unit within the Russian Federal Security Service (FSB), to gain unauthorized access to computers and steal sensitive information through spear-phishing campaigns. These campaigns targeted U.S. government entities, former employees of the U.S. Intelligence Community, and other high-profile organizations.
Microsoft has also announced a civil action to seize 66 additional domains linked to the Callisto Group, which Microsoft tracks as “Star Blizzard” (formerly SEABORGIUM). Between January 2023 and August 2024, Microsoft observed Star Blizzard targeting over 30 civil society entities, including journalists and NGOs, through spear-phishing tactics.
The government alleges that the Callisto Group targeted U.S.-based companies, former and current Department of Defense and Department of State employees, and U.S. military defense contractors. In December 2023, charges were filed against two Callisto-affiliated actors, Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for hacking into computer networks across multiple countries on behalf of the Russian government. Further details of the case are documented under Application by the United States for a Seizure Warrant for 41 Domain Names For Investigation of 18 U.S.C. § 1956(a)(2)(A) and Other Offenses, No. 4-24-71375 (N.D. Cal. Sept. 16, 2024).
The FBI San Francisco Field Office is leading the investigation, with the U.S. Attorney’s Office for the Northern District of California and the Justice Department’s National Security Cyber Section of the National Security Division prosecuting the case.
An affidavit in support of a seizure warrant and an indictment are merely allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.



