An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Home : News : News
NEWS | Dec. 11, 2023

US, Allies highlight Russian-state cyber actor “Star Blizzard” spear-phishing campaigns

By Cyber National Mission Force Public Affairs

U.S. Cyber Command’s Cyber National Mission Force, alongside interagency and foreign partners, issued a joint Cybersecurity Advisory highlighting advanced spear-phishing campaigns and tactics and techniques from the Russia-based malicious cyber actor Star Blizzard (formerly known as SEABORGIUM; also known as Callisto Group, TA446, COLDRIVER, TAG-53, and/or BlueCharlie).

The United Kingdom’s National Cyber Security Centre, joined by the Australian Cyber Security Centre, Canadian Centre for Cyber Security, New Zealand National Cyber Security Centre, and U.S. government interagency partners at the Cybersecurity and Infrastructure Security Agency, FBI, the National Security Agency, and CNMF, released the joint CSA, “Russia FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns,” Dec. 7, to raise public awareness of the specific and targeted spearphishing techniques used by Star Blizzard to target individuals and organizations.

Since 2019, the group, linked to Russian Federal Security Service Center 18, has targeted sectors including academia, defense, governmental organizations, non-governmental organizations, think tanks, and high-profile individuals. Targets in the U.K. and U.S. appear to have been most affected; however, their activities have also been observed against targets in various NATO countries and countries neighboring Russia.

Star Blizzard is known to use open-source resources to conduct reconnaissance, including social media and professional networking platforms, hooking their targets, building trust, and ultimately attempting to gain access to their targets’ email accounts. Once they gain access, Star Blizzard is known to set up mail forwarding rules, granting ongoing visibility of a victim’s correspondence and contact lists, utilizing this information and access for follow-on targeting and phishing activities.

Although spear-phishing is an established technique used by many actors, Star Blizzard has successfully evolved their use and technique to maintain this capability. Individuals and organizations from previously targeted sectors should be vigilant of the techniques above.

For more information on the group’s tactics and techniques, as well as mitigation actions, read the full report here.