The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian government.
“The indictment…alleges the conspiracy targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities between at least October 2016 and October 2022,” the Justice Department said in a press release.
“In addition, the indictment alleges the conspirators – known publicly by the name ‘Callisto Group’ – targeted military and government officials, think tank researchers and staff, and journalists in the United Kingdom and elsewhere, and that information from certain of these targeted accounts was leaked to the press in Russia and the United Kingdom in advance of U.K. elections in 2019.”
The individuals allegedly crafted tailored phishing attacks to steal victims’ credentials.
“As a common example, the conspirators used ‘spoofed’ email accounts designed to look like personal and work-related email accounts of the group’s targets,” the Justice Department says. “The conspirators allegedly also sent sophisticated looking emails that appeared to be from email providers suggesting users had violated terms of service. These messages were designed to trick victims into providing their email account credentials to false login prompts. Once the conspirators fraudulently obtained the victim’s credentials, they were able to use those credentials to access the victims’ email accounts at will.”
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division stated, “The Russian government continues to target the critical networks of the United States and our partners, as highlighted by the indictment unsealed today. Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways. The Department of Justice will respond to such behavior with an even more determined commitment to disrupt those activities and to hold accountable the individuals responsible.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The US Justice Department has the story.