The US has backed up the UK’s recent accusations against Russia by adding its name to an official warning of mass spear-phishing against designated targets by nation-state threat actors.
The UK released a statement yesterday, accusing Russia of spying on politicians, civil servants, and journalists since at least 2015. In response, it has summoned the Kremlin ambassador while sanctioning Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, described as belonging to a Russian espionage group known as Star Blizzard.
That same day, the National Security Agency (NSA) said it was joining the UK’s National Cyber Security Center (NCSC) in releasing an advisory “to raise awareness of the specific spear-phishing techniques used by Star Blizzard to target individuals and organizations, including the US government and defense industrial base, and to provide guidelines to protect against the continued threat.”
Star Blizzard is said to be a subsection of the mysterious Center 18, itself said to be answerable to the Russian Federal Security Service (FSB), Russia’s intelligence agency, and the successor to the infamous Cold War-era KGB.
The NSA described Star Blizzard as an organization with links to the FSB “that targets specific individuals or groups perceived to have direct access to information of interest to Russia.”
It says these targets include government bodies, the defense industry, academia, think tanks, NGOs, and politicians in the US, UK, and other NATO countries.
Russia’s bristling spears
“Russia continues to be a threat,” added the NSA. “They continue to successfully use known spear-phishing techniques for intelligence gathering. Those at risk should note that the FSB likes to target personal email accounts, where they can still get to sensitive information but often with a lower security bar.”
The NSA endorsed an advisory report by the NCSC that offers advice to potential targets on how to ward off politically motivated spear phishing attacks, essentially an online confidence trick aimed at a specific person, usually via email.
The NCSC advisory says that Star Blizzard relies on a combination of open-source, freely available web resources to conduct its espionage.
“Using open-source resources to conduct reconnaissance, including social media and professional networking platforms, Star Blizzard identifies hooks to engage their target,” said the NCSC. “They take the time to research their interests and identify their real-world social or professional contacts.”
It added: “Star Blizzard creates email accounts impersonating known contacts of their targets to help appear legitimate. They also create fake social media or networking profiles that impersonate respected experts and have used supposed conference or event invitations as lures.”
Five Eyes move welcomed
Adam Meyers, head of counter adversary operations at cybersecurity intelligence analyst CrowdStrike, welcomed the move by the Five Eyes grouping of Anglosaxon nations and told Cybernews that the US has also put Peretyatko and Korinets on its sanctions list.
“As part of this coordinated action, the UK and US sanctioned Russian nationals Ruslan Peretyatko and Andrey Korinets,” he said. “The US Department of Justice indicted those same individuals for their roles in malicious domain registration and spear-phishing campaigns.”
The US Department of Justice (DoJ) yesterday unsealed the indictment against the two men, declaring that Peretyatko and Korinets "employed a sophisticated spear-phishing campaign to gain unauthorized, persistent access into victims' computers and email accounts."
Assistant attorney general Matthew Olsen of the DoJ’s National Security Division said: “Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways.”
Meyers added: “CrowdStrike applauds the collaboration of the Five Eyes to bring nefarious threat actors such as these to justice, as acts like this highlight the criticality of information-sharing across nations focused on maintaining the integrity of democracy.”
More from Cybernews:
Subscribe to our newsletter