US authorities have charged two hackers linked to Russia’s Federal Security Service (FSB) with allegedly running a years-long cyber-espionage campaign targeting government officials.
The Department of Justice said on Thursday that Ruslan Aleksandrovich Peretyatko, an FSB intelligence officer, and IT worker Andrey Stanislavovich Korinets attempted to compromise the computers of employees of several US government agencies, including the Department of Defense and the Department of Energy, between October 2016 and October 2022.
The indictment also alleges that the conspirators — commonly known as “Callisto Group” — targeted military and government officials, researchers and think tank staff, and journalists in the UK and elsewhere, using sophisticated spear-phishing emails that purported to come from email providers and suggested that users had breached their terms of service.
These emails, which contained malicious domains created by the Callisto team to harvest victims’ credentials, allowed the conspirators to gain unauthorized access and obtain “valuable information” from victims’ accounts, including information relating to United States defense, foreign affairs, and security policies, according to the DOJ’s indictment.
Information obtained “from some of these targeted accounts” was also leaked to the press in Russia and the UK ahead of the 2019 British election, according to the Department of Justice, as part of a hack-and-leak disinformation campaign.
Earlier on Thursday, the British government announced that it had also identified “ongoing unsuccessful attempts” by the FSB to interfere in UK political processes and sanctioned Peretyatko and Korinets for spear-phishing campaigns and related activity that “led to unauthorized access and exfiltration of sensitive data, with the aim to undermine British organizations and the UK government more broadly.”
The UK’s National Cyber Security Centre, part of GCHQ, said the hackers were “almost certainly subordinates” of the FSB and selectively leaked information they received “in line with the objectives of the Russian confrontation, including undermining trust in politics in the UK and the like-minded states.”
The US Treasury also announced sanctions against Peretyatko and Korinets, and the State Department is offering a $10 million reward for information leading to the identification and tracing of the men.
The Callisto Group, which is tracked as “Star Blizzard” by Microsoft and “Coldriver” by Google’s Threat Analysis Group, is known for conducting long-running espionage campaigns against NATO countries, particularly the US and the UK. In May 2022, Google researchers attributed to the group a hack-and-leak operation that saw a trove of emails and documents stolen and leaked from high-level Brexit supporters, including Sir Richard Dearlove, the former head of the UK’s foreign intelligence agency MI6.