Justice Department Seizes 41 Internet Domains Used by Russian Intelligence in Cyber Fraud Scheme

The Justice Department announced today the unsealing of a warrant authorizing the seizure of 41 internet domains tied to Russian intelligence agents and their proxies. These domains were allegedly used to commit computer fraud and abuse across the United States. This move highlights the National Cybersecurity Strategy’s focus on public-private partnerships and demonstrates the department’s commitment to combating cyber threats. Concurrently, Microsoft filed a civil action to restrain 66 additional domains used by the same actors, further reinforcing the success of this operation.

Cyber Strategy in Action

Deputy Attorney General Lisa Monaco emphasized the importance of using all available tools to disrupt state-sponsored cyber activities. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will relentlessly expose Russian actors and cybercriminals, depriving them of the tools of their illicit trade.”

Assistant Attorney General Matthew G. Olsen added, “This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments worldwide.”

Collaboration with the Private Sector

The FBI played a significant role in this operation. FBI Deputy Director Paul Abbate noted, “Working in close collaboration with public and private sector partners—in this case through the execution of domain seizures—we remain in a prime position to counter and defeat a broad range of cyber threats posed by adversaries.”

U.S. Attorney Ismail J. Ramsey for the Northern District of California highlighted the importance of cooperation. “This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets.”

Callisto Group and Microsoft’s Response

The Callisto Group, a unit within the Russian Federal Security Service (FSB), allegedly used the seized domains to execute spear-phishing campaigns aimed at accessing sensitive U.S. government and private sector information. These campaigns targeted former U.S. government employees, defense contractors, and other key individuals.

Simultaneously, Microsoft filed a civil action targeting 66 domains linked to the Callisto Group. According to Microsoft Threat Intelligence, the group, tracked as “Star Blizzard” (formerly SEABORGIUM), launched spear-phishing campaigns against over 30 civil society entities, including journalists, think tanks, and NGOs, between January 2023 and August 2024.

Ongoing Investigations and Legal Action

The Justice Department’s affidavit details how the Callisto Group targeted U.S.-based companies, former U.S. Intelligence Community employees, and U.S. military contractors. FSB officers, including Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, who were indicted in 2023 for hacking into U.S., U.K., NATO, and Ukrainian networks, allegedly orchestrated the campaign.

The FBI’s San Francisco Field Office continues to investigate the case, which is being prosecuted by the U.S. Attorney’s Office for the Northern District of California and the National Security Cyber Section of the Justice Department’s National Security Division.

While the seizure of these domains is a significant step, it is part of a broader effort to confront cyber-enabled threats from Russia and other adversaries. As the legal proceedings continue, all defendants remain presumed innocent until proven guilty.

Case Details

This case is documented as Application by the United States for a Seizure Warrant for 41 Domain Names for Investigation of 18 U.S.C. § 1956(a)(2)(A) and Other Offenses, No. 4-24-71375 (N.D. Cal. Sept. 16, 2024).

The Justice Department’s actions today underscore its ongoing commitment to safeguarding U.S. interests from malicious cyber activities and protecting sensitive information from foreign adversaries.