Microsoft: ‘Relentless’ Russia-Sponsored Hacking Group Has Been Disrupted

The Microsoft-DOJ effort has aimed to disrupt the group Star Blizzard—tied to Russia’s Federal Security Service (FSB)—which has been ‘targeting Microsoft customers globally.’

Microsoft disclosed details Thursday about a recent effort to disrupt the activities of a “relentless” Russia-linked threat group, which has targeted Microsoft customers worldwide including in the U.S., the company said.

The joint effort with the U.S. Department of Justice targeted the nation-state threat actor tracked by Microsoft as Star Blizzard, the company said in a blog post. Star Blizzard has been connected by Western governments to Russia’s Federal Security Service (FSB).

[Related: Microsoft Expands Notices To Customers Over Russia-Linked Email Hack]

Microsoft’s Digital Crimes Unit and the DOJ recently succeeded in taking down key technical infrastructure used by the group, according to the post from Microsoft’s Steven Masada.

The effort has included coordinating the seizing of more than 100 domains used by Star Blizzard “in cyberattacks targeting Microsoft customers globally,” according to the post from Masada, assistant general counsel at the Microsoft Digital Crimes Unit.

“Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations — journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive — by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities,” he wrote.

In all, since January 2023, Microsoft “has identified 82 customers targeted by this group, at a rate of approximately one attack per week,” Masada said. “This frequency underscores the group’s diligence in identifying high-value targets, crafting personalized phishing emails, and developing the necessary infrastructure for credential theft.”

He noted that while it’s fully anticipated that the group will adopt new infrastructure, “today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern.”

The effort comes as other state-sponsored hacking activities have been answered with successful disruption initiatives involving the U.S. government.

Most recently, in September, federal agencies said they had disrupted a massive campaign linked to China that targeted U.S. networks through compromising devices including routers and firewalls. The FBI, NSA and Cyber National Mission Force (CNMF) indicated that the China-linked attackers had compromised more than 260,000 devices as of June.