Washington – Russian-based hackers conducted a sophisticated cyber campaign against US intelligence officials, including State and Defense Department contractors, as part of an international operation that included NATO members and Ukraine, the Justice Department alleged Thursday.
Prosecutors accused an official of Russia’s Federal Security Service (FSB) and another co-defendant of conducting a spear-phishing campaign between October 2016 and October 2022 against current and former employees of the US intelligence community, defense contractors and Department of Energy facilities.
Ruslan Aleksandrovich Peretyatko – the FSB officer – and Andrey Stanislavovich Korinets, both part of an organization known as the Callisto Group, allegedly used fake email accounts that appeared to be from legitimate people to trick victims into provide their login details to access them. their email accounts, according to a federal indictment unsealed in California.
The two are charged with a single count of conspiracy to commit computer fraud and embezzlement.
Think tank researchers and journalists in the United Kingdom and other Western nations were also targeted in the alleged Russian hacking campaign, investigators said, and Justice Department officials laid the blame squarely at the feet of the Russian government.
“Through this malign influence activity targeting the democratic processes of the United Kingdom, Russia demonstrates once again its commitment to using weapons-based cyber espionage campaigns against such networks in unacceptable ways,” said Assistant Attorney General Matthew Olsen, head of the Justice Department’s National Security Division. , said in a statement.
Both defendants are currently wanted by the FBI and are believed to be in Russia.
According to a Justice Department official, the FSB unit where Peretyatko works – FSB 18 – was supposed to act as a counterpart to the FBI’s cyber security arm, but in this case it was used offensively in an attack that poses a unique risk. And while US officials say all nations engage in intelligence gathering, what sets this operation apart is FSB 18’s partnership with cybercriminals and its weaponization of information to destabilize democratic processes in Britain
The FBI and other private entities will continue to track FSB 18’s work, the officials said Thursday, especially heading into the 2024 U.S. presidential election. The investigation is ongoing. Federal investigators are conducting damage assessments on the information obtained by the hackers, the officials said.
Earlier on Thursday, Britain announced that it had detected “malicious cyber activity that sought to interfere with British politics and democratic processes”, which its National Cyber Security Center said was “part of a wider pattern of cyber activity carried out by the Russian intelligence services across the globe .”
The NSCS, which is part of Britain’s intelligence and security agency, GCHQ, said the activity included spear-phishing lawmakers from several UK political parties that has been taking place since at least 2015, compromising and leaking UK-US trade documents ahead of Britain in 2019 elections, and targeted journalists and non-governmental organizations and civil society organizations.
It said the hackers from a group called “Star Blizzard” were “almost certainly subordinate” to the FSB and had selectively leaked information they had obtained “in line with Russian confrontational objectives, including to undermine confidence in the politics of Britain and like-minded states.” “
“Russia’s use of cyber operations to further its attempts at political interference is completely unacceptable, and we are resolute in calling out this pattern of activity with our partners,” Paul Chichester, NCSC’s director of operations, said in a statement. “Individuals and organizations that play an important role in our democracy must strengthen their security, and we urge them to follow the recommended steps in our guidance to help prevent compromise.”
Leo Docherty, a British Foreign Office minister, told British lawmakers that two people had been sanctioned and Russia’s ambassador had been summoned, CBS News partner network BBC News reported.