The FBI and Microsoft have seized more than 100 web domains they say Russian intelligence used for cyber-espionage, according to court documents unsealed Thursday.
The domains were allegedly staging grounds for Russia’s FSB intelligence agency in its ongoing efforts to spy on targets of interest, ranging from the U.S. Department of Energy to Russian nonprofits and media outlets critical of the Kremlin.
The FBI said in an affidavit that the websites were used as part of a “spear phishing campaign,” a term for targeted efforts to trick people into divulging sensitive information, usually email login credentials. That information was sought “with the goal of gaining unauthorized access to the computers and email accounts of victims, to then steal valuable information and sensitive United States government intelligence,” the FBI said in the affidavit.
The Justice Department seized 41 of the web domains, according to the FBI affidavit, and also granted Microsoft control of 66 additional domains the company said were part of the same operation.
“The information targeted by the FSB and illegally accessed during the criminal conspiracy included sensitive information related to the identity of United States employees, defense, foreign affairs, and security policies, as well as nuclear energy related technology, research, and development, all of which is particularly valuable to the Russian government’s efforts to engage in malign foreign influence operations within the United States,” the FBI said in the affidavit.
Russia’s Ministry for Foreign Affairs did not respond to a request for comment.
Intelligence agencies with even moderate cyber capabilities routinely hack foreign targets to gather intelligence. The seizure represents a rare instance in which the U.S. has used its court system to publicly illustrate how it’s disrupting an alleged foreign cyberespionage operation.
The FSB is the successor agency to the KGB, and is roughly analogous to the FBI in the U.S. To date, the U.S. has not accused the FSB of attempting to significantly interfere with the 2024 U.S. election. The U.S. has accused Russia’s military intelligence agency, the GRU, of hacking and releasing Hillary Clinton’s campaign emails in 2016 to damage her presidential candidacy.
A Microsoft spokesperson told NBC News that the company has not seen the FSB hackers specifically trying to breach U.S. political campaigns or election infrastructure. But in a blog post describing the takedown, Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit, noted that the hackers had a history of targeting political enemies and that Microsoft wanted to make Russian cyberspies’ jobs harder.
The legal takedown “impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern. It will also enable us to quickly disrupt any new infrastructure we identify through an existing court proceeding,” Masada said.
Many of the web domains allegedly used by the FSB were hosted by Virginia-based company Verisign, the court documents said. There’s no indication that Verisign knowingly allowed the FSB to use its services to conduct hacking operations. The company didn’t respond to a request for comment.
Natalia Krapiva, senior tech-legal counsel at the internet access nonprofit Access Now, which has warned other nonprofits about the alleged FSB campaign for years, said the seizure of the web domains was a victory for nonprofits that are routinely targeted by intelligence services.
“This joint legal action is a powerful example of what can be accomplished when private companies, governments, and civil society join forces to protect vulnerable communities from cyber attacks,” she said.