
The Department of Justice, in collaboration with Microsoft, successfully thwarted Russian-orchestrated cyberattacks targeting American political figures and civil society.

US authorities, in collaboration with Microsoft, announced the seizure of over 100 internet domains allegedly used by a Russian intelligence unit for attempted cyber-intrusions against current and former American officials, civic organizations, and Russians living in the US.

The Russian flag waves majestically atop the Embassy of the Russian Federation in Washington D.C., during February 2022.


A comprehensive cyberattack was carried out with the objective of gathering intel on US and allied initiatives aiding Ukraine, and to sabotage pro-democracy and human rights organizations in the US, UK, and Eastern Europe, as claimed by American authorities and industry experts.

This forms part of a sequence of actions undertaken by the Department of Justice to expose alleged clandestine Russian operations aiming to disrupt US democracy prior to the 2024 presidential election. In this instance, the cybercriminals did not focus on political campaigns or election infrastructure; instead, their aim was to weaken the civil society organizations that uphold functioning democracies, as reported by Microsoft.

From January 2023 to August 2024, the cybercriminals attacked 30 entities such as news outlets, think tanks, and NGOs, stealing their confidential information and attempting to thwart their operations, according to Steven Masada, Microsoft's assistant general counsel.

Data stolen by the cybercriminals included "sensitive info" relevant to US government employees and US defense and security policies, as mentioned in an FBI agent's affidavit in the case. All this information, as per the affidavit, is critically important to Russia's endeavor to conduct nefarious foreign interference operations within the US.

It was unclear when exactly the hackers obtained this sensitive US government information in the activity referred to in the affidavit. CNN has sought comment from the Justice Department.

A US indictment released last year implicated the same hacking group in stealing "significant intel" related to US defense and security policies, along with data on nuclear energy technology in 2016 and 2022.

The UK government accused the same Russian hacking group of mounting "persistent, unsuccessful attempts to interfere in UK political processes" over several years, involving hacking politicians, bureaucrats, and journalists.

The hackers operate for Russia's FSB intelligence agency, the primary successor to the Soviet-era KGB, according to US authorities. The FSB possesses a wide range of hacking capacities to monitor dissidents both domestically and internationally. Another FSB-linked hacking team posed a direct threat to US critical infrastructure by targeting energy facilities, according to US officials.

Since Russia's full-scale invasion of Ukraine in 2022, the FSB and other Russian intelligence agencies have relentlessly employed cyber campaigns to attempt to comprehend and hinder Western initiatives to aid Ukraine with military assistance.

"A single account breach of a journalist or dissident can have far-reaching consequences for their security and personal freedoms," stated John Scott-Railton, a researcher at the University of Toronto's The Citizen Lab, who investigated the activity. "This is why it is crucial for platforms to impose penalties on Russian hacking operations."

The NGO Information Sharing and Analysis Center, a nonprofit safeguarding civil society groups from hacking, filed a lawsuit with Microsoft in federal court, permitting the tech firm to seize the internet domains.

CNN has requested comment from the Russian Embassy in Washington, DC. The Kremlin routinely dismisses US accusations of hacking, regardless of the level of detail and evidence provided.

Natalia Krapiva, senior tech-legal counsel at nonprofit Access Now, which contributed to the case, commended "the brave victims who shared their tales and data, making this action possible."

This story has been updated with additional information.

The Department of Justice is taking serious measures to address politics-related concerns as it aims to expose Russian operations seeking to disrupt US democracy. The cybercriminals' actions were not limited to political campaigns or election infrastructure; instead, they targeted pro-democracy and human rights organizations.
