U.S. Takes Action to Further Disrupt Russian Cyber Activities
Matthew Miller, Department Spokesperson The United States government is taking a series of actions today against cyber actors Callisto Group, Star Blizzard, and COLDRIVER, which are connected to Russian Federal Security Service (FSB) Center 18 for long-running cyber espionage campaigns that targeted numerous U.S.-based entities and individuals. The actions build on our longstanding efforts to disrupt Russian cyber activities, hold malicious cyber actors to account and defend against similar activity. The Department of Justice has unsealed an indictment charging Andrey Stanislavovich Korinets and Ruslan Aleksandrovich Peretyatko for their role in a criminal hacking conspiracy that targeted U.S.-based entities and individuals, including U.S. Department of Energy facilities’ employees. The conspirators also targeted UK officials, think tank researchers, and journalists, from whom certain information was leaked before the 2019 UK elections. The U.S. Department of the Treasury is sanctioning these individuals for their roles in the Callisto Group. Additionally, the Cybersecurity and Infrastructure Security Agency is issuing a Cyber Security Advisory explaining the technical details of the malicious activity, related warning signs, and mitigation measures that can be implemented to enhance network security against similar malicious activity. Concurrently, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA). Under this reward offer, the RFJ program is seeking information leading to the location or identification of Korinets, Peretyatko, and their fellow conspirators. We also note with concern the UK’s announcement that the same FSB-affiliate was involved in sustained cyber targeting of the UK’s democratic and political processes. We stand with the UK as it confronts such threats and call on all states to refrain from malicious cyber activity designed to destabilize and undermine democratic processes and societies. The United States, in concert with our allies and partners, will continue to promote a global cyberspace where responsible behavior is expected and irresponsible behavior is both costly and isolating. For more information on the U.S. actions, see: Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign | United States Department of Justice United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group | U.S. Department of the Treasury Rewards For Justice – Stop a Terrorist and Save Lives Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA We encourage anyone with information on Peretyatko, Korinets, other Callisto Group actors, their affiliates, activities, or links to a foreign government to contact Rewards for Justice via the Tor-based tips-reporting channel at Tor browser: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. More information about this the RFJ reward offer is located on the Rewards for Justice website. Tags Bureau of Cyberspace and Digital Policy Cyber Issues Cyber Security Division for Counter Threat Finance and Sanctions Office of the Spokesperson Russia
Matthew Miller, Department Spokesperson
The United States government is taking a series of actions today against cyber actors Callisto Group, Star Blizzard, and COLDRIVER, which are connected to Russian Federal Security Service (FSB) Center 18 for long-running cyber espionage campaigns that targeted numerous U.S.-based entities and individuals. The actions build on our longstanding efforts to disrupt Russian cyber activities, hold malicious cyber actors to account and defend against similar activity.
The Department of Justice has unsealed an indictment charging Andrey Stanislavovich Korinets and Ruslan Aleksandrovich Peretyatko for their role in a criminal hacking conspiracy that targeted U.S.-based entities and individuals, including U.S. Department of Energy facilities’ employees. The conspirators also targeted UK officials, think tank researchers, and journalists, from whom certain information was leaked before the 2019 UK elections. The U.S. Department of the Treasury is sanctioning these individuals for their roles in the Callisto Group. Additionally, the Cybersecurity and Infrastructure Security Agency is issuing a Cyber Security Advisory explaining the technical details of the malicious activity, related warning signs, and mitigation measures that can be implemented to enhance network security against similar malicious activity.
Concurrently, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA). Under this reward offer, the RFJ program is seeking information leading to the location or identification of Korinets, Peretyatko, and their fellow conspirators.
We also note with concern the UK’s announcement that the same FSB-affiliate was involved in sustained cyber targeting of the UK’s democratic and political processes. We stand with the UK as it confronts such threats and call on all states to refrain from malicious cyber activity designed to destabilize and undermine democratic processes and societies.
The United States, in concert with our allies and partners, will continue to promote a global cyberspace where responsible behavior is expected and irresponsible behavior is both costly and isolating.
For more information on the U.S. actions, see:
- Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign | United States Department of Justice
- United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group | U.S. Department of the Treasury
- Rewards For Justice – Stop a Terrorist and Save Lives
- Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
We encourage anyone with information on Peretyatko, Korinets, other Callisto Group actors, their affiliates, activities, or links to a foreign government to contact Rewards for Justice via the Tor-based tips-reporting channel at Tor browser: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion. More information about this the RFJ reward offer is located on the Rewards for Justice website.