Russian hackers accused of targeting U.S. intelligence community with spear phishing campaign

Washington — Russia-based hackers conducted a sophisticated cyber campaign against American intelligence officials, including contractors at the State and Defense Departments, as part of an international operation that included NATO members and Ukraine, the Justice Department alleged Thursday.

Prosecutors accused an officer in Russia’s Federal Security Service (FSB) and another co-defendant of carrying out a spear phishing campaign between October 2016 and October 2022 against current and former employees of the U.S. intelligence community, defense contractors and Energy Department facilities.

Ruslan Aleksandrovich Peretyatko — the FSB officer — and Andrey Stanislavovich Korinets, who are both part of an organization known as the Callisto Group, allegedly used spoof email accounts that appeared to be from legitimate individuals to trick victims into providing their login credentials in order to access their email accounts, according to a federal indictment unsealed in California. 

The two are charged with one count of conspiracy to commit computer fraud and abuse.

Think tank researchers and journalists in the United Kingdom and other Western nations were also targeted in the alleged Russian hacking campaign, investigators said, and Justice Department officials placed the blame squarely at the feet of the Russian government. 

“Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways,” Assistant Attorney General Matthew Olsen, head of the Justice Department’s National Security Division, said in a statement. 

Both defendants are currently wanted by the FBI and believed to be in Russia.

According to a Justice Department official, the FSB unit where Peretyatko works — FSB 18 — is supposed to act as a counterpart to the FBI’s cybersecurity arm, but in this case, it was utilized offensively in an attack, which poses a unique risk. And while U.S. officials say all nations engage in intelligence gathering, what sets this operation apart is FSB 18’s partnership with cybercriminals and its weaponization of information to destabilize democratic processes in the U.K. 

The FBI and other private entities will continue to track FSB 18’s work, the officials said Thursday, especially heading into the 2024 presidential election in the U.S. The investigation is ongoing. Federal investigators are conducting damage assessments on the information obtained by the hackers, the officials said. 

Earlier Thursday, the U.K. announced that it had detected “malicious cyber activity attempting to interfere in U.K. politics and democratic processes,” which its National Cyber Security Centre said was “part of a broader pattern of cyber activity conducted by the Russian Intelligence Services across the globe.”

NSCS, which is a part of the U.K.’s intelligence and security agency, GCHQ, said the activity included spear phishing lawmakers from multiple U.K. political parties that has been occurring since at least 2015, compromising and leaking U.K.-U.S. trade documents ahead of the 2019 U.K. election, and targeting journalists and non-governmental and civil society organizations.

It said the hackers, from a group called “Star Blizzard,” were “almost certainly subordinate to” the FSB, and had selectively leaked information they obtained “in line with Russian confrontation goals, including to undermine trust in politics in the U.K. and likeminded states.”

“Russia’s use of cyber operations to further its attempts at political interference is wholly unacceptable and we are resolute in calling out this pattern of activity with our partners,” Paul Chichester, NCSC director of operations, said in a statement. “Individuals and organizations which play an important role in our democracy must bolster their security and we urge them to follow the recommended steps in our guidance to help prevent compromises.”

Leo Docherty, minister for the U.K. Foreign Office, told British lawmakers that two individuals had been sanctioned and Russia’s ambassador had been summoned, CBS News partner network BBC News reported.

Leave a Reply

Your email address will not be published. Required fields are marked *