Star Blizzard

Threat Actor updated 4 months ago (2024-05-05T01:17:42.000Z)
Star Blizzard, also known as Seaborgium or the Callisto Group, is a threat actor linked to Russia's intelligence service, the FSB. The group has carried out sophisticated cyber-attacks worldwide, primarily spear-phishing campaigns that steal account credentials and data. Microsoft, which tracks this cluster under the name Star Blizzard, has highlighted the seriousness of the COLDRIVER credential-theft activity and noted an increase in the group's sophistication and evasion tactics. The UK National Cyber Security Centre (NCSC) and Microsoft have issued warnings about this Russian state-backed actor, whose targets have included universities, public-sector organisations, and international charities around the world. The group's operations are tied to Centre 18, a unit within the FSB, and are known for an unusual mix of espionage, disinformation, and fake pharma campaigns. These tactics resemble those of the Russia-aligned espionage group Callisto. In December 2023, the US government indicted the group, highlighting its targeting of individuals and organizations involved in international affairs, defense, and logistics support to Ukraine, among others. Star Blizzard's operations have expanded over the years to include strategic attacks on U.S. supervisory control and data acquisition (SCADA) systems and critical infrastructure, including U.S. Department of Energy facilities. Given the severity of the threat posed by Star Blizzard, an effective response requires international cooperation. The Cyber National Mission Force, together with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and a cohort of international cyber authorities, published a joint cybersecurity advisory in December warning about the group's advanced spear-phishing campaigns.
The group uses open-source intelligence to perform reconnaissance against targets and tailors each attack for maximum effectiveness. Given its recent shift toward highly strategic, targeted attacks, Star Blizzard represents a significant threat to global cybersecurity.
Description last updated: 2024-05-05T01:07:08.118Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Seaborgium | 4 | Seaborgium, also known as Star Blizzard, Callisto Group, COLDRIVER, and TAG-53, is a threat actor linked to suspected Russian threat activity groups. Open-source reporting has enabled Insikt Group to profile the infrastructure used by this group, revealing significant overlaps with other known malic
COLDRIVER | 4 | Coldriver, also known as Star Blizzard, (Blue) Callisto, Blue Charlie, and Seaborgium, is a notorious Russia-based cyber-espionage group believed to be linked to the Federal Security Service's (FSB) Centre 18. The group has been actively involved in numerous malicious activities, including disinform
Callisto | 4 | Callisto, also known as Gossamer Bear, COLDRIVER, UNC4057, Star Blizzard, Blue Charlie, and SEABORGIUM, is a threat actor linked to the Russian state. This group, which has been tracked by various entities including Microsoft, Google's Threat Analysis Group (TAG), and Insikt Group, is known for its
Callisto Group | 3 | The Callisto Group, identified as a threat actor, has been linked to significant cyber threats and malicious activities. This group, believed to be operating within Russia's Federal Security Service (FSB), has been accused of coordinating an operational malicious cyber unit, demonstrating the capabi
Proton | 2 | Proton is a malicious software or malware that exploits and damages computer systems, often infiltrating without the user's knowledge. It has been associated with suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom once it infects
Unc4057 | 2 | UNC4057, also known as ColdRiver, Star Blizzard, Blue Charlie, and Callisto, is a Russian-backed advanced persistent threat (APT) group that has been active since 2019. This group, sponsored by the Federal Security Service (FSB), has been involved in various malicious activities on behalf of the Rus
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Blizzard
Russia
Uk
Email Accounts
NCSC
Credentials
Outlook
Reconnaissance
Source Document References
Information about the Star Blizzard threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CISA | 9 months ago | Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
CERT-EU | 9 months ago | U.S., Britain target 2 Russian hackers with sanctions, expose FSB-backed cyber conspiracy | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker
CERT-EU | 8 months ago | Russia hacked ex-MI6 chief’s emails – what they reveal is more Dad’s Army than deep state | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker
BankInfoSecurity | 5 months ago | US Cyber Command Expanded 'Hunt Forward' Operations in 2023
InfoSecurity-magazine | 7 months ago | Russian Hackers Launch Email Campaigns to Demoralize Ukrainians
Malwarebytes | 8 months ago | Coldriver threat group targets high-ranking officials to obtain credentials | Malwarebytes
CERT-EU | 8 months ago | ColdRiver threat group targeting critical infrastructure with backdoor attacks
InfoSecurity-magazine | 8 months ago | Russian Coldriver Hackers Deploy Malware to Target Western Officials
CERT-EU | 8 months ago | IT consultant in Germany fined for exposing shoddy security
CERT-EU | 8 months ago | Russian FSB Hacking Group Turns to Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 8 months ago | Russian Hackers Are Using PDF Tricks and Custom Malware to Target NATO | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading | 8 months ago | Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware
CERT-EU | 8 months ago | Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
CERT-EU | 8 months ago | Russian threat group spreading backdoor through phishing, says Google | IT World Canada News
CERT-EU | 8 months ago | Russian Hackers Using Encrypted PDFs As a Ploy To Spread Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
BankInfoSecurity | 8 months ago | Google: Russian FSB Hacking Group Turns to Malware
CERT-EU | 8 months ago | Google TAG: Kremlin cyber spies build a custom backdoor
CERT-EU | 8 months ago | Google says Russian espionage crew behind new malware campaign | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 8 months ago | Fileless, Double Extortion, AI and More -- Virtualization Review | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 8 months ago | Russia's Sandworm blamed for Kyivstar telecom cyberattack