Access Now And Russian Civil Society Victims Help Take Down Russian Phishing Infrastructure

Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s Digital Crimes Unit (DCU), aimed at seizing and disrupting the digital infrastructure used by Russia-linked hacker group STAR BLIZZARD (also known as COLDRIVER, among other names) to target civil society and other actors. Access Now filed a legal statement supporting this civil action, which included statements from Russian civil society victims impacted by this hacking operation. Microsoft filed the lawsuit together with the NGO Information Sharing and Analysis Center (NGO-ISAC) and coordinated with the Department of Justice (DOJ), which simultaneously seized additional domains attributed to STAR BLIZZARD.

“This joint legal action is a powerful example of what can be accomplished when private companies, governments, and civil society join forces to protect vulnerable communities from cyber attacks,” said Natalia Krapiva, Senior Tech-Legal Counsel at Access Now. “We are grateful to Microsoft and NGO-ISAC for bringing this lawsuit, but also to the courageous victims who came forward and shared their stories and data that made this action possible. Access Now will continue working with partners to protect civil society from malicious actors and deliver justice and accountability for civil society victims who often bear the brunt of these attacks.”

In August, Access Now, in collaboration with the Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto (“the Citizen Lab”), First Department, Arjuna Team, and RESIDENT.ngo, published an investigation that uncovered two separate spear-phishing campaigns targeting Russian and Belarusian nonprofit organizations, Russian independent media, international and U.S.-based NGOs active in Eastern Europe, and at least one former U.S. ambassador. One of the campaigns was attributed to STAR BLIZZARD (COLDRIVER). Since then, Access Now’s Digital Security Helpline has assisted more civil society individuals and organizations targeted by this threat actor.

“As more victims approached Access Now’s Digital Security Helpline for support after the release of our spear-phishing report, we have continued to work on STAR BLIZZARD cases that show how this threat actor has not slowed down; they remain active and persistent in their attacks,” said Hassen Selmi, Incident Response Lead at Access Now. “These cases also show that STAR BLIZZARD is evolving its tactics, increasing the success of their operations and putting more civil society victims at risk. The action by Microsoft and the Department of Justice is crucial in disrupting these malicious operations and protecting victims from being targeted in the future.”

If you believe you have been targeted by STAR BLIZZARD or other threat actors, follow the digital security recommendations outlined in our report and contact Access Now’s Digital Security Helpline, which is available to support members of civil society, including activists, media organizations, journalists, and human rights defenders, 24/7 in nine languages, including Russian.

© Scoop Media