Spear-phishing attacks carried out by the Russian government-backed APT are being exposed through a joint effort led by the US cybersecurity organisation CISA. These campaigns target specific sectors such as academia, defence, governmental organisations, non-governmental organisations, and think tanks.
CISA and Western law enforcement agencies identified the cyber threat actor as Star Blizzard in a joint advisory. They exposed the ongoing operation and shared details about the breach in collaboration with Microsoft’s threat intelligence team.
The UK government has identified Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets as persons associated with Moscow’s intelligence service, the Federal Security Service (FSB). A prior US Congress study on Russian cyber forces cited Centre 18 as a vital hub managing FSB security and cyber activities, along with Centre 16.
The Foreign Office has taken serious measures, summoning the Russian ambassador and sanctioning a Russian intelligence official. The FSB’s Centre 18 unit has imposed sanctions on a ‘Star Blizzard’ group member.
There have been allegations that the FSB-affiliated hacking group is focusing on US and UK businesses. Security services warn that this malicious activity targets not only other NATO members but also those near Russia.
CISA described the group’s research and preparation processes for targeted spear-phishing attacks in an alert:
During 2022, Star Blizzard activity appeared to expand further, to include defense-industrial targets, as well as US Department of Energy facilities. Star Blizzard has predominantly sent spear-phishing emails to targets’ personal email addresses, although they have also used targets’ corporate or business email addresses.
Many of the attempted cyberattacks around the UK have targeted individuals, including well-known celebrities, through their personal email accounts, business email addresses, and corporate addresses.
Persistent Spear-Phishing Attacks on Politicians
The criminal group has been using “spear-phishing” tactics since 2015 to target a significant number of lawmakers from different political parties, selectively leaking and publicising the content it obtains. In a statement to the Commons, Mr. Docherty emphasised that the group has been using these strategies consistently.
Phishing targets a large number of people, using approaches such as luring recipients into clicking on malicious links. Spear-phishing, on the other hand, adopts a more focused approach, customising attacks to specific persons for a personalised scam.
According to a UK official statement regarding the Star Blizzard group:
This information is used to undermine the West in various ways. This group has acquired a vast amount of data. It is very targeted – the number [of known hacks] is probably in the hundreds not thousands. We are coming towards an election year. We want to get this [hack and leak threat] more into the bloodstream – so people are more aware.
According to Microsoft:
An initial email will usually be sent asking to review a document, but without any attachment or link to the document. The threat actor will wait for a response, and following that, will send an additional message with either an attached PDF file or a link to a PDF file hosted on a cloud storage platform. The PDF file will be unreadable, with a prominent button purporting to enable reading the content.
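The two-stage lure described above leaves a recognisable shape in a mailbox: a bare request to review a document, a reply from the target, then a PDF or cloud-storage link from the same sender. The following detection sketch is an added example, not code from Microsoft, CISA or this article; the message fields, keyword list, host names and sample mailbox are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts you treat as cloud file storage (placeholders, not from the advisory).
CLOUD_STORAGE_HOSTS = {"files.example.com", "drive.example.net"}
REVIEW_WORDS = re.compile(r"\b(review|document|paper|draft)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def has_payload(msg):
    """True if the message has a PDF attachment or a link to a cloud-storage host."""
    if any(name.lower().endswith(".pdf") for name in msg["attachments"]):
        return True
    hosts = ((urlparse(u).hostname or "").lower() for u in URL_RE.findall(msg["body"]))
    return any(h in CLOUD_STORAGE_HOSTS for h in hosts)

def find_two_stage_lures(thread, owner):
    """Return senders matching: bare review request -> owner replies -> PDF or link."""
    state, flagged = {}, []          # state: sender -> "asked" | "answered"
    for msg in sorted(thread, key=lambda m: m["ts"]):
        sender = msg["from"].lower()
        if sender == owner.lower():  # outbound: a reply arms the second stage
            for rcpt in msg["to"]:
                if state.get(rcpt.lower()) == "asked":
                    state[rcpt.lower()] = "answered"
            continue
        bare = not msg["attachments"] and not URL_RE.search(msg["body"])
        if sender not in state and bare and REVIEW_WORDS.search(msg["body"]):
            state[sender] = "asked"
        elif state.get(sender) == "answered" and has_payload(msg) and sender not in flagged:
            flagged.append(sender)
    return flagged

def make_msg(ts, frm, to, body, attachments=()):
    return {"ts": ts, "from": frm, "to": [to], "body": body, "attachments": list(attachments)}

# Constructed sample mailbox: one thread following the pattern, one ordinary exchange.
OWNER = "analyst@thinktank.example"
SAMPLE = [
    make_msg(1, "colleague@uni.example", OWNER, "Could you review my draft on sanctions policy?"),
    make_msg(2, OWNER, "colleague@uni.example", "Happy to, please send it over."),
    make_msg(3, "colleague@uni.example", OWNER, "Thanks! Here: https://files.example.com/d/abc"),
    make_msg(4, "editor@journal.example", OWNER, "Proofs attached for review.", ["proofs.pdf"]),
]

if __name__ == "__main__":
    print(find_two_stage_lures(SAMPLE, OWNER))
```

A match is a prompt for review rather than a verdict, since legitimate correspondents also ask first and send later; it is most useful when the sender is a new or look-alike contact.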
The list of attacks published by the government includes the 2018 hack of the Institute for Statecraft think tank and the subsequent leak of US-UK trade information. Former Labour leader Jeremy Corbyn used these resources throughout his 2019 general election campaign.
According to the Foreign Office, the founder of the think tank, Christopher Donnelly, experienced a cyberattack from the FSB in December 2021, which resulted in the disclosure of resources.
Although analysts agree that Star Blizzard has enhanced its evasion skills since 2022, the group’s main objective is still stealing email credentials from the same targets.
Foreign Secretary David Cameron strongly condemned Russia’s unacceptable meddling in UK politics, emphasising the damage to our democratic processes.
The announcement in the Commons agreed with Deputy Prime Minister Oliver Dowden’s address. In his speech, he warned that hackers are targeting significant government agencies such as the military, NHS, schools, and road and rail networks.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important for minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.