Microsoft and the U.S. Department of Justice (DoJ) announced the seizure of 107 internet domains linked to Russian state-sponsored threat actors, used to carry out computer fraud and abuse.

The threat group, identified as COLDRIVER (also known by various names such as Blue Callisto, Gossamer Bear, and Star Blizzard), has been active since at least 2012 and is believed to operate within Center 18 of the Russian Federal Security Service (FSB). The seized domains were part of spear-phishing campaigns targeting U.S. government agencies and other victims to steal sensitive information and credentials. In response, Microsoft also filed a civil action to seize an additional 66 domains used by the group between January 2023 and August 2024.

COLDRIVER’s attacks have primarily targeted NGOs, think tanks, and entities supporting Ukraine, as well as NATO countries like the U.K. and U.S. The group is known for its aggressive phishing campaigns aimed at high-value targets, including former intelligence officials and Russian citizens in the U.S. Both the U.S. and U.K. sanctioned key members of the group in 2023 for their involvement in credential theft. Microsoft’s Digital Crimes Unit highlighted the group's relentless efforts to exploit digital interactions, evolving its tactics to compromise victims' credentials through personalized phishing emails.