U.S. authorities have indicted two hackers linked to Russia’s Federal Security Service (FSB) for allegedly carrying out a years-long cyber espionage campaign targeting government officials.
The Department of Justice alleged on Thursday that Ruslan Aleksandrovich Peretyatko, an officer with the FSB intelligence service, and IT worker Andrey Stanislavovich Korinets attempted to compromise the computers of employees at multiple U.S. government agencies, including the Department of Defense and Department of Energy, between October 2016 and October 2022.
The indictment also alleges that the conspirators — known publicly by the name “Callisto Group” — targeted military and government officials, think tank researchers and staff, and journalists in the United Kingdom and elsewhere, using sophisticated spear-phishing emails that purported to have come from email providers suggesting users had violated terms of service.
These emails, which contained malicious domains created by the Callisto Group to harvest victims’ credentials, enabled the conspirators to gain unauthorized access and take “valuable intelligence” from victims’ accounts, including intelligence related to United States defense, foreign affairs, and security policies, according to the DOJ’s indictment.
Information obtained “from certain of these targeted accounts” was also leaked to the press in Russia and the United Kingdom ahead of the U.K. elections in 2019, according to the DOJ, as part of a hack-and-leak disinformation campaign.
Earlier on Thursday, the U.K. government announced that it had also identified “sustained unsuccessful attempts” by the FSB to interfere in U.K. political processes and had sanctioned Peretyatko and Korinets for spear-phishing campaigns and associated activity that “resulted in unauthorized access and exfiltration of sensitive data, which was intended to undermine UK organizations and more broadly, the UK government.”
The U.K.’s National Cyber Security Center, part of GCHQ, said the hackers were “almost certainly subordinate to” the FSB and had selectively leaked information they obtained “in line with Russian confrontation goals, including to undermine trust in politics in the U.K. and likeminded states.”
The U.S. Treasury Department also announced sanctions against Peretyatko and Korinets, and the State Department is offering a $10 million reward for information leading to the identification and location of the men.
Callisto Group, tracked as “Star Blizzard” by Microsoft and “Cold Driver” by Google’s Threat Analysis Group, is well-known for conducting long-running espionage campaigns against NATO countries, particularly the U.S. and the United Kingdom. In May 2022, Google researchers attributed a hack-and-leak operation to the group that saw a trove of emails and documents stolen and leaked from high-level Brexit proponents, including Sir Richard Dearlove, the former head of the U.K. foreign intelligence service MI6.