US Confiscates Domains Linked to Russian Hacker Group ColdRiver Targeting Government Agencies

On October 3, 2024, the U.S. Department of Justice announced the confiscation of 107 internet domains associated with the ColdRiver hacker group, believed to be linked to the Russian Federal Security Service's Center-18. This operation aims to disrupt a sophisticated phishing campaign targeting U.S. government agencies, including the Pentagon and State Department.

According to Deputy Attorney General Lisa Monaco, the Russian government initiated this scheme to steal confidential information from Americans, using seemingly legitimate email accounts to deceive victims into revealing their credentials. The Justice Department's statement highlighted that 41 of the confiscated domains were likely used by Russian intelligence agents.

Additionally, Microsoft has filed a civil suit to seize 66 domains allegedly used by ColdRiver, also referred to as Star Blizzard, which has targeted over 30 civil society organizations, including journalists and NGOs, through phishing attacks since January 2023.

In December 2023, U.S. authorities charged two individuals believed to be members of ColdRiver with hacking networks in the U.S., UK, and other NATO countries. Both suspects are thought to be currently residing in Russia.

This crackdown on ColdRiver underscores the ongoing cyber threat posed by Russian state-sponsored groups and its broader implications for international cybersecurity efforts.
