Microsoft and U.S. authorities have identified a hacking group linked to Russian intelligence, known as Star Blizzard, as attempting to infiltrate the systems of numerous Western think tanks, journalists, and former military and intelligence officials. The group employed sophisticated tactics, such as spear-phishing emails that appeared to come from trusted sources, to gain access to internal systems, steal information, and disrupt activities.
Star Blizzard's targets included civil society groups, U.S. companies, American military contractors, and the Department of Energy, which oversees nuclear programs. Microsoft and the Department of Justice were authorized by a U.S. court to seize over 100 website domain names associated with Star Blizzard, following a lawsuit filed against the group.
While the effectiveness of Star Blizzard's actions has not been detailed, authorities anticipate ongoing cyberattacks from Russia against the U.S. and its allies. The group has been linked to Russia's Federal Security Service (FSB) and has a history of cyberespionage campaigns, including targeting U.K. lawmakers.
Microsoft reported observing Star Blizzard's hacking attempts against 30 different groups since January 2023, highlighting the group's adaptability and ability to obfuscate its identity. U.S. authorities previously charged two Russian men in connection with Star Blizzard's activities, both believed to be in Russia.
Star Blizzard's targets extended beyond the U.S., with individuals and groups in Europe and other NATO countries also being pursued. Many of these targets had shown support for Ukraine following Russia's invasion. The Russian Embassy in Washington did not immediately respond to requests for comment on the matter.