In a joint effort, the United States and the United Kingdom have taken significant action against two individuals believed to have been involved in hacking activities orchestrated by Russia’s FSB security service. The charges and sanctions highlight the ongoing threat posed by state-sponsored cyber actors and the determination of international partners to hold them accountable.
Microsoft and the Five Eyes report on a Russian state-sponsored APT called Star Blizzard
In a parallel development, Microsoft and the Five Eyes security agencies have released reports exposing the activities of a Russian state-sponsored Advanced Persistent Threat (APT) group. This group, known by various aliases including Star Blizzard, Callisto Group, BlueCharlie, TA446, ColdRiver, and Dancing Salome, has been identified as an ongoing threat to numerous sectors.
Overview of the threat actor and their targets
The identified threat actor, believed to be associated with the FSB’s Centre 18 unit, has been implicated in targeting a wide range of organizations, including academia, defense firms, governments, NGOs, and think tanks in the United States, the United Kingdom, and other NATO countries. Their activities span both cyber espionage operations and influence campaigns, with a particular focus on interfering in democratic processes, as evidenced by their attempts to disrupt the 2019 elections in the United Kingdom.
Details of the cyber espionage and influence campaigns conducted by the hackers
The hackers, acting on behalf of the FSB, have undertaken a range of cyber espionage activities focused on collecting sensitive information from various government agencies. Their targets have included the intelligence community, Department of Defense and defense contractors, Department of State, and Department of Energy facilities. This systematic campaign of data theft poses a significant threat to national security and highlights the need for robust cybersecurity measures.
The US Justice Department announces charges against Russian nationals Peretyatko and Korinets
The US Justice Department has formally charged two Russian nationals, Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, for their alleged involvement in illicit cyber activities linked to the FSB. Peretyatko, an FSB officer, and Korinets, described as a cybercriminal involved with the Callisto attacks, are accused of conspiring to commit computer fraud.
Roles of Peretyatko and Korinets in the FSB operations
Peretyatko played a central role as an FSB officer, coordinating and executing cyber operations, while Korinets is believed to have facilitated the Callisto group’s activities by managing the registration of malicious domains used in their attacks. Their involvement highlights the interconnectedness of state-sponsored actors and criminal underground organizations, forming a dangerous alliance with significant ramifications for global cybersecurity.
Charges have been filed against the individuals, and potential prison sentences are being considered
Both Peretyatko and Korinets face serious charges, including conspiracy to commit an offense against the United States, specifically computer fraud. If convicted, Peretyatko could face a maximum sentence of five years in prison, while Korinets could face up to ten years. However, it remains uncertain whether these individuals will ever be brought to justice in the United States.
There are slim chances of bringing the suspects to justice in the US
While the charges brought against Peretyatko and Korinets demonstrate the US Justice Department's commitment to addressing cyber threats, the probability of extraditing these individuals from Russia to face trial in the US is slim. Historically, Russia has been reluctant to extradite its citizens, especially those accused of engaging in state-sponsored activities.
Targeted government agencies and departments between 2016 and 2022
The Justice Department’s investigation has revealed that the hackers targeted a broad range of government agencies and departments over a period spanning from 2016 to 2022. The gravity of their intrusions into the intelligence community, Defense and Energy departments, and defense contractors underscores the persistent and evolving nature of state-sponsored cyber attacks.
Announcement of sanctions by both the US and UK against Peretyatko and Korinets
In addition to the charges filed, both the United States and the United Kingdom have imposed sanctions on Peretyatko and Korinets for their alleged participation in these malicious cyber activities. These sanctions signify a unified stance against state-sponsored hacking, aiming to isolate those involved and deter future cyber intrusions.
The charges and sanctions brought against Peretyatko and Korinets represent a significant step taken by the United States and the United Kingdom to counter state-sponsored cyber threats. While highlighting the specific activities attributed to the accused individuals, these actions also serve as a broader warning to state actors engaging in cyber espionage and influence campaigns. The international community must continue to work collaboratively to protect critical infrastructure, defend against cyber threats, and hold accountable those who seek to compromise global security.