The U.S. Justice Department has leveled accusations against Russian hackers for orchestrating a sophisticated spear phishing campaign against the U.S. intelligence community. The cyber operation, spanning from October 2016 to October 2022, allegedly involved the targeting of current and former U.S. intelligence employees, defense contractors, and Energy Department facilities.
The accused individuals, Ruslan Aleksandrovich Peretyatko, identified as an officer in Russia’s Federal Security Service (FSB), and Andrey Stanislavovich Korinets, associated with the Callisto Group, are alleged to have utilized deceptive email accounts to trick victims into revealing their login credentials. Both men are facing charges of conspiracy to commit computer fraud and abuse.
The Justice Department asserts that the Callisto Group’s activities extended beyond the United States, targeting think tank researchers and journalists in the United Kingdom and other Western nations. Assistant Attorney General Matthew Olsen explicitly blamed the Russian government, stating that Russia’s cyber espionage campaigns aim to influence democratic processes in an unacceptable manner.
Peretyatko is affiliated with FSB 18, a unit meant to function as a counterpart to the FBI’s cybersecurity arm, and the unit’s deviation from its defensive role has raised concerns. The collaboration between FSB 18 and cybercriminals, coupled with the weaponization of information, distinguishes this operation. U.S. officials highlight ongoing surveillance of FSB 18’s activities, particularly in light of the approaching 2024 U.S. presidential election.
Simultaneously, the U.K. has reported detecting malicious cyber activity attempting to interfere in its political landscape. The National Cyber Security Centre (NCSC) attributes this to a broader pattern of cyber activity by Russian Intelligence Services. The group responsible, named “Star Blizzard,” is believed to be linked to the FSB, selectively leaking information to undermine trust in politics in the U.K. and allied states.
The NCSC, a part of the U.K.’s intelligence and security agency, GCHQ, noted the group’s spear phishing of lawmakers, its compromise and leaking of trade documents in the lead-up to the 2019 U.K. election, and its targeting of journalists and civil society organizations since 2015. The U.K. has responded by sanctioning two individuals and summoning Russia’s ambassador in condemnation of the unacceptable use of cyber operations for political interference.