Nation State Spear Phishing Linked To Social Media Use

A press release from the U.S. Department of Justice details a significant disruption of Russian intelligence spear phishing efforts.

The DOJ, in coordination with Microsoft, seized 41 internet domains used by Russian intelligence agents and their proxies to commit computer fraud and abuse in the United States. This action is part of a broader strategy to disrupt and deter state-sponsored cyber actors.

The seized domains were used by hackers from the Callisto Group, an operational unit within the Russian Federal Security Service (FSB), to conduct sophisticated spear phishing campaigns.

These campaigns aimed to gain unauthorized access to sensitive information from U.S. government agencies, businesses, and other victims. Microsoft also took concurrent action to restrain 66 internet domains used by the same actors.

According to the DOJ:

"The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials."

https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts (Oct. 03, 2024).

Commentary

Spear phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific individual, often for malicious reasons, by masquerading as a trustworthy entity in electronic communications.

Unlike regular phishing, which involves sending out mass emails to random recipients, spear phishing is highly targeted and personalized, making it more convincing and harder to detect.

Attackers often gather personal information about their targets from social media and other sources to craft messages that appear legitimate. These messages typically contain malicious links or attachments that, when selected, can lead to the installation of malware or the theft of sensitive information.

According to the DOJ, social media is where nation states, as well as online criminal gangs and other criminals (online and offline), discover the information they use to target someone for social engineering, including spear phishing.

To lower your exposure to social engineering scams, consider the following:

  • Adjust your privacy settings to limit who can see your posts and personal information.
  • Only share private information with trusted friends and connections.
  • Be cautious of unsolicited messages, especially those asking for personal information or containing links.
  • Verify the sender's identity before responding to unsolicited messages.
  • Use strong, unique passwords for each of your social media accounts.
  • Consider using a password manager to manage social media passwords.
  • Enable two-factor authentication.
  • Update and/or patch social media apps and devices to protect against security vulnerabilities.
  • Do not share sensitive information like your full birthdate, address, or phone number on social media, including social media profiles.
  • Stay informed about common phishing tactics.

The final takeaway is that if you notice unusual activity on a social media account, report it to the social media platform immediately and be aware of possible phishing attempts.
