Today, CISA, the FBI, the National Security Agency, and other international partners released a joint cybersecurity advisory (CSA), titled “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by a Russian-based threat actor group known as Star Blizzard that targets individuals and organizations globally.

According to the advisory, Star Blizzard threat actors have targeted organizations in multiple critical infrastructure sectors. Some of Star Blizzard’s tactics and delivery methods include impersonating known contacts’ email accounts, creating fake social media profiles, using webmail addresses from providers such as Outlook, Gmail and others, and creating malicious domains that resemble legitimate organizations. Whichever delivery method is used, once the target clicks on the malicious link, they are directed to an actor-controlled server that mirrors the sign-in page for a legitimate service. Any credentials entered at this point are now compromised. Star Blizzard then uses the stolen credentials to log in to a target’s email account, where they are known to access and steal emails and attachments from the victim’s inbox. They have also set up mail- forwarding rules, giving them ongoing visibility of victim correspondence.

To defend against Star Blizzard threat activity, network defenders and critical infrastructure organizations are encouraged to implement recommended mitigations and report any observed malicious activity. Report suspicious activity to the FBI Internet Crime Complaint Center (IC3) at ic3.gov, local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center at report@cisa.gov or (888) 282-0870. For more information on Russian cyber threats, visit Russia Cyber Threat Overview and Advisories. Access the full advisory at CISA.