The U.S. Department of Justice (DOJ) recently disrupted a spear phishing campaign orchestrated by Russian intelligence agents.

The DOJ seized 41 internet domains used to commit computer fraud and abuse in the United States. This action was part of a coordinated effort with Microsoft, which also restrained 66 domains used by the same actors.

According to the source:

"Today's seizure of 41 internet domains reflects the Justice Department's cyber strategy in action – using all tools to disrupt and deter malicious, state-sponsored cyber actors," said Deputy Attorney General Lisa Monaco. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials. With the continued support of our private sector partners, we will be relentless in exposing Russian actors and cybercriminals and depriving them of the tools of their illicit trade."

"This disruption exemplifies our ongoing efforts to expel Russian intelligence agents from the online infrastructure they have used to target individuals, businesses, and governments around the world," said Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division. "Working closely with private-sector partners such as Microsoft, the National Security Division uses the full reach of our authorities to confront the cyber-enabled threats of tomorrow from Russia and other adversaries."  https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts (Oct. 03, 2024).

Commentary

The source states that Russian actors were using "seemingly legitimate email accounts".

In other words, they were spear phishing targets - a tried and effective social engineering scheme. The Russian emails were designed to look like they came from real people or reputable organizations and were sent to a specific target. The goal is to deceive their targets into thinking the emails are genuine, so the targets are tricked into providing sensitive information, such as usernames and passwords.

Why is a G-20 nation state using a basic spear phishing technique?

Because it still works. Even though people have been warned and trained, they are still falling for one of the oldest social engineering frauds of the Internet age. 

To protect yourself does not mean you give up – instead, you need to increase step up by verifying email addresses before you reply, using strong and unique passwords, employing spam filters, and updating your software.

Never select an unexpected link or an attachment. Malware may reside in the attachment and that link may take you to a domain controlled by Russians or other nation state bad actors.

If you get an unexpected message asking you to select a link or an attachment- even if it is from someone you know and trust - who sends you legitimate links and attachments all the time - you need to verify the link and/or attachment is legitimate. Do not reply to the message because you may be replying to the bad actors. 

For example, if you get an unexpected email from what looks like a friend to look at a link to a travel destination you were considering, don't select the link or reply to the email. Text your friend and write these words: "Did you send me a link to a travel destination?"

Then, just in case all your prevention efforts fail, you need to employ two-factor or multi-factor authentication. If the bad actors have your credentials, it is the last gateway that may keep your accounts safe.

The final takeaway is that bad actors have a rule – "if it ain't broke, don't fix it". Until we make spear phishing obsolete, bad actors will keep sending them and pushing the limits.