Microsoft Thwarts Russian ‘Spear Phishing’ Campaign Targeting 2024 Election

The Department of Justice (DOJ) and Microsoft have collaborated to disrupt a major Russian cyber campaign targeting the U.S. election.

With only one month left in the presidential race, signs of election meddling by Russia, China and Iran are prompting concern about the foreign influence over the American democratic process. However, the DOJ said the recent “public-private operational collaboration” leaves it in “a prime position to counter and defeat a broad range of cyber threats posed by adversaries.”

On Thursday, the DOJ unsealed a warrant authorizing the seizure of 41 internet domains, reportedly used by Russian intelligence agents to “commit computer fraud and abuse in the United States.”

Through the websites, the DOJ said that the state-sponsored actors had conducted a “sophisticated spear phishing campaign” – a targeted form of cyberattack that involves sending fraudulent emails to specific individuals, intended to trick recipients into divulging sensitive information, or to infect their devices with malware.

The targets of the campaign, which was conducted by hackers from the notorious Callisto Group, also known as Star Blizzard, were “the computers and email accounts of U.S. government and other victims,” the DOJ said.

“Today’s seizure of 41 internet domains reflects the Justice Department’s cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors,” Deputy Attorney General Lisa Monaco said. “The Russian government ran this scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.”

The action coincided with Microsoft’s Digital Crimes Unit announcing that the DOJ had granted it control of a further 66 domains which the company said were involved in the same spear phishing operation.

“Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, and non-governmental organizations – core to ensuring democracy can thrive,” the company said on Thursday.

“While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern.”

Cyber attacks aimed at disrupting the democratic process have already emerged as a significant concern in the run-up to the 2024 election.

According to the Biden Administration and the DOJ, Russia’s efforts have so far involved spreading misinformation and disinformation through fake social media accounts and targeted phishing campaigns aimed at political parties and government institutions.

In early September, Attorney General Merrick Garland announced that two Russians had been charged in connection with a campaign to promote pro-Russian social media content to American audiences, aimed at securing Moscow’s “preferred outcome” in the race between former President Trump and Vice President Harris.

Cybersecurity firms also claim to have uncovered thousands of fake X accounts, suspected of being linked to Beijing, which were active in promoting fraudulent and divisive content concerning Harris.

On September 18, the U.S. intelligence community revealed that Iranian “malicious cyber actors” had attempted to steal sensitive, non-public information from the Trump-Vance campaign, which it then sent to individual’s associated with President Biden’s re-election campaign.

Do you have a story we should be covering? Do you have any questions about this article? Contact [email protected].