
Russian cybergroup Star Blizzard unleashes global spear-phishing attack

A Russian hacking group with ties to the Kremlin is on the attack, using what appear to be links to innocent websites to target people who hold information it wants, including the U.S. government.

A Russian hacking group tied to the Kremlin has unleashed a global attack. They are using what appear to be links to innocent websites to steal information.

These hackers from Star Blizzard, which formerly operated as SEABORGIUM, are also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie.

The dangerous group is targeting anyone who might have information they can use. They're even going after the U.S. government.

Who Star Blizzard has attacked so far

So far, Star Blizzard has attacked people tied to academia, defense, government organizations and more in both the U.S. and the U.K. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the group is also targeting NATO members and countries near China.

What is spear-phishing

Spear-phishing is an attack where hackers target specific groups or individuals. They think their victims either have the information they want or have direct access to it. In this case, we don't know what information Star Blizzard wants. However, we do know how their operation works.

How Star Blizzard hackers use social engineering to trick you

According to CISA, Star Blizzard hackers will use social media and networking platforms to stalk their victims. They'll take their time to really get to know their target.

They'll then create fake email accounts on services such as Outlook, Gmail, and others, plus social media profiles, to impersonate your close contacts or experts. Hackers will even go so far as to create malicious websites that appear to be legitimate to fool you. And CISA says there have been cases where attackers have created fake event invitations to lure their victims.

The trap of Star Blizzard hackers

From there, they'll reach out to you and begin to draw you into their trap. Usually, they'll look for common interests to help spark a conversation. Hackers will then send a malicious link, posing as a Google Drive, OneDrive, or another link where you'd have to log on to a platform. According to Microsoft, some of the common URLs that Star Blizzard hackers use look like this (for safety reasons the exact URL has been modified):

These URLs may look legitimate, but they are actually designed to trick you into entering your credentials or downloading malicious files. You should never click on any link that you receive from an unknown or suspicious source.

If you do, the hackers can steal your information as soon as you type it in, download it, or click a malicious file or link. Once you do this, they have full access to your account. From there, your information is theirs to have and use.

How you can protect yourself from Star Blizzard hackers

Be careful about clicking on links in emails or messages from unknown or suspicious sources, especially on social media and networking platforms, as that's how Star Blizzard hackers like to stalk their victims. They might lead you to malicious websites that can steal your information or infect your device with malware.

Verify the identity of the sender before opening any attachments or downloading any files. You can do this by checking their email address, social media profile, or other online presence. If you are not sure, you can contact them through another channel to confirm.

Use strong and unique passwords for your online accounts and change them regularly. Be sure to use separate passwords for email accounts and try to avoid re-using the same passwords over and over again. Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. You can also use a password manager to store and generate secure passwords for you. This way, you can prevent cybercriminals like Star Blizzard hackers from accessing your accounts if they compromise one of them.

Enable two-factor authentication (2FA) for your online accounts whenever possible. This adds an extra layer of security by requiring a code or a device to log in. This way, even if the Russian hacking group gets your password, they won’t be able to access your account without the second factor.

Keep your software and devices updated with the latest security patches and updates. This can help you fix any vulnerabilities or bugs that Star Blizzard hackers might exploit.

Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked by Star Blizzard hackers.

I've been scammed by Star Blizzard hackers! What to do next?

Below are some next steps if you find you or your loved one is a victim of identity theft.

1) If you can regain control of your accounts, change your passwords and inform the account provider.

2) Look through bank statements and checking account transactions to see where outlier activity started.

3) Use a fraud protection service. Identity theft protection companies can monitor personal information like your Social Security number, phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

Some of the best parts of using an identity theft protection service include identity theft insurance to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

4) Report any breaches to official government agencies like the Federal Communications Commission.

5) You may wish to get the professional advice of a lawyer before speaking to law enforcement, especially when you are dealing with criminal identity theft, and if being a victim of criminal identity theft leaves you unable to secure employment or housing.

6) Alert all three major credit bureaus and possibly place a fraud alert on your credit report.

7) Run your own background check or request a copy of one if that is how you discovered your information has been used by a criminal.

If you are a victim of identity theft, the most important thing to do is to take immediate action to mitigate the damage and prevent further harm.

Kurt's key takeaways

Let's take a step back and look at the big picture: a Russian hacker group connected to the Kremlin is breaking into Americans' computers and stealing our information. With global strife growing, it's important we protect ourselves on all fronts, including the cyberfront. Make sure you're protected by using antivirus software, a password manager, and other tools.

Copyright 2023 CyberGuy.com. All rights reserved.
