International /

Fox News: Russian cybergroup Star Blizzard unleashes global spear-phishing attack Menacing hacker group with ties to Kremlin is attacking Americans

In sum? Merry Christmas - and be careful

  |   By Polling+ Staff

Server room with big data

And 21st century technology in the hands of the bad guys proceeds.

Fox News headlines:

Russian cybergroup Star Blizzard unleashes global spear-phishing attack 

Menacing hacker group with ties to Kremlin is attacking Americans

The story reports:

A Russian hacking group tied to the Kremlin has unleashed a global attack. They are using what appear to be links to innocent websites to steal information.

These hackers from Star Blizzard, which formerly operated as SEABORGIUM, are also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie.

The dangerous group is targeting anyone who might have information they can use. They’re even going after the U.S. government. 

Who Star Blizzard has attacked so far

So far, Star Blizzard has attacked people tied to academics, defense, government organizations and more in both the U.S. and the U.K. According to the U.S. Cybersecurity and Infrastructure Security Agency, the group is also targeting NATO members and countries near China. 

What is spear-phishing?

Spear-phishing is an attack where hackers target specific groups or individuals. They think their victims either have the information they want or have direct access to it. In this case, we don’t know what information Star Blizzard wants. However, we do know how their operation works. 

How Star Blizzard hackers use social engineering to trick you

According to the CISA, Star Blizzard hackers will use social media and networking platforms to stalk their victims. They’ll take their time to really get to know their target.

They’ll then create fake email accounts such as Outlook, Gmail, and others, plus social media profiles to impersonate your close contacts or experts. Hackers will even go so far as to create malicious websites that appear to be legitimate to fool you. And the CISA says there have been cases where attackers have created fake event invitations to lure their victims. 

The trap of Star Blizzard hackers

From there, they’ll reach out to you and begin to draw you into their trap. Usually, they’ll look for common interests to help spark a conversation. Hackers will then send a malicious link, posing as a Google Drive, OneDrive, or another link where you’d have to log on to a platform. According to Microsoft, some of the common URLs that Star Blizzard hackers use look like this (for safety reasons the exact URL has been modified):




These URLs may look legitimate, but they are actually designed to trick you into entering your credentials or downloading malicious files. You should never click on any link that you receive from an unknown or suspicious source. 

If you do, the hackers can steal your information as soon as you type it in, download it, or click a malicious file or link. Once you do this then they have full access to your account. From there, your information is theirs to have and use. 

How you can protect yourself from Star Blizzard hackers

Be careful about clicking on links in emails or messages from unknown or suspicious sources, especially on social media and networking platforms, as that’s how Star Blizzard hackers like to stalk their victims. They might lead you to malicious websites that can steal your information or infect your device with malware.

Verify the identity of the sender before opening any attachments or downloading any files. You can do this by checking their email address, social media profile, or other online presence. If you are not sure, you can contact them through another channel to confirm.

Use strong and unique passwords for your online accounts and change them regularly. Be sure to use separate passwords for email accounts and try to avoid re-using the same passwords over and over again. Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. You can also use a password manager to store and generate secure passwords for you. This way, you can prevent cybercriminals like Star Blizzard hackers from accessing your accounts if they compromise one of them.

Enable two-factor authentication (2FA) for your online accounts whenever possible. This adds an extra layer of security by requiring a code or a device to log in. This way, even if the Russian hacking group gets your password, they won’t be able to access your account without the second factor. 

Keep your software and devices updated with the latest security patches and updates. This can help you fix any vulnerabilities or bugs that Star Blizzard hackers might exploit.

Have good antivirus software on all your devices: The best way to protect yourself from having your data breached is to haveantivirus protection installed on all your devices. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked by Star Blizzard hackers. 

I’ve been scammed by Star Blizzard hackers! What to do next?

Below are some next steps if you find you or your loved one is a victim of identity theft.

1) If you can regain control of your accounts, change your passwords and inform the account provider.

2) Look through bank statements and checking account transactions to see where outlier activity started.

3) Use a Fraud protection service. Identity Theft companies can monitor personal information like your Social Security Number, phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

Some of the best parts of using an identity theft protection service include identity theft insurance to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses. See my review for Best identity theft protection services 2023 here.

4) Report any breaches to official government agencies like the Federal Communications Commission.

5) You may wish to get the professional advice of a lawyer before speaking to law enforcement, especially when you are dealing with criminal identity theft, and if being a victim of criminal identity theft leaves you unable to secure employment or housing 

6) Alert all three major credit bureaus and possibly place a fraud alert on your credit report.

7) Run your own background check or request a copy of one if that is how you discovered your information has been used by a criminal.

If you are a victim of identity theft, the most important thing to do is to take immediate action to mitigate the damage and prevent further harm.”

In sum? Merry Christmas – and be careful.