Northern District of California | Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts | United States Department of Justice

WASHINGTON - The Justice Department announced today the unsealing of a warrant authorizing the seizure of 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. As an example of the Department's commitment to public-private operational collaboration to disrupt such adversaries' malicious cyber activities, as set forth in the National Cybersecurity Strategy, the Department acted concurrently with a Microsoft civil action to restrain 66 internet domains used by the same actors.

"Today's seizure of 41 internet domains reflects the Justice Department's cyber strategy in action, using all tools to disrupt and deter malicious, state-sponsored cyber actors," said Deputy Attorney General Lisa Monaco. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade."

"This seizure is part of a coordinated response with our private sector partners to dismantle the infrastructure that cyber espionage actors use to attack U.S. and international targets," said U.S. Attorney Ismail J. Ramsey for the Northern District of California. "We thank all of our private-sector partners for their diligence in analyzing, publicizing, and combating the threat posed by these illicit state-coordinated actions in the Northern District of California, across the United States, and around the world."

"This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments around the world," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "Working closely with private-sector partners such as Microsoft, the National Security Division uses the full reach of our authorities to confront the cyber-enabled threats of tomorrow from Russia and other adversaries."

"Working in close collaboration with public and private sector partners, in this case through the execution of domain seizures, we remain in prime position to counter and defeat a broad range of cyber threats posed by adversaries," said FBI Deputy Director Paul Abbate. "Our efforts to prevent the theft of information by state-sponsored criminal actors are relentless, and we will continue our work in this arena with partners who share our common goals."

"This case underscores the importance of the FBI's enduring partnerships with private sector companies, which allow for rapid information sharing and coordinated action. With these seizures, we've disrupted a sophisticated cyber threat aimed at compromising sensitive government intelligence and stealing valuable information," said FBI Special Agent in Charge Robert Tripp. "Today's success highlights the power of collaboration in safeguarding the United States against state-sponsored cybercrime."

According to the partially unsealed affidavit filed in support of the government's seizure warrant, the seized domains were used by hackers belonging to, or criminal proxies working for, the "Callisto Group," an operational unit within Center 18 of the Russian Federal Security Service (the FSB), to commit violations of unauthorized access to a computer to obtain information from a department or agency of the United States, unauthorized access to a computer to obtain information from a protected computer, and causing damage to a protected computer. Callisto Group hackers used the seized domains in an ongoing and sophisticated spear-phishing campaign with the goal of gaining unauthorized access to, and stealing valuable information from, the computers and email accounts of U.S. government and other victims.

In conjunction, Microsoft announced the filing of a civil action to seize 66 internet domains also used by Callisto Group actors. Microsoft Threat Intelligence tracks this group as "Star Blizzard" (formerly SEABORGIUM, also known as COLDRIVER). Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society entities and organizations - journalists, think tanks, and nongovernmental organizations (NGOs) - by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities.

The government's affidavit alleges the Callisto Group actors targeted, among others, United States-based companies, former employees of the United States Intelligence Community, former and current Department of Defense and Department of State employees, United States military defense contractors, and staff at the Department of Energy. In December 2023, the Department announced charges against two Callisto-affiliated actors, Ruslan Aleksandrovich Peretyatko (Перетятько Руслан Александрович), an officer in FSB Center 18, and Andrey Stanislavovich Korinets (Коринец Андрей Станиславович). The indictment charged the defendants with a campaign to hack into computer networks in the United States, the United Kingdom, other North Atlantic Treaty Organization member countries, and Ukraine, all on behalf of the Russian government.

The FBI San Francisco Field Office is investigating the case.

The U.S. Attorney's Office for the Northern District of California and the Justice Department's National Security Cyber Section of the National Security Division are prosecuting the case.

The case is docketed at Application by the United States for a Seizure Warrant for 41 Domain Names For Investigation of 18 U.S.C. 1956(a)(2)(A) and Other Offenses, No. 42471375 (N.D. Cal. Sept. 16, 2024).

An affidavit in support of a seizure warrant and an indictment are merely allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.