An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Dec. 7, 2023

NSA, UK National Cyber Security Centre, and Partners Release Update About Russian ‘Star Blizzard’ Spear-phishing Campaign

FORT MEADE, Md. – The National Security Agency (NSA) has joined the UK National Cyber Security Centre (NCSC-UK) and other partners in releasing the Cybersecurity Advisory (CSA), “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-Phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by Star Blizzard to target individuals and organizations, including the U.S. government and Defense Industrial Base, and to provide guidelines to protect against the continued threat.   
 
Star Blizzard, formerly known as SEABORGIUM or BlueCharlie, is an organization with links to the Russian Federal Security Service (FSB) that targets specific individuals or groups perceived to have direct access to information of interest to Russia, including governmental organizations, the defense industry, academia, think tanks, NGOs, politicians, and others in the U.S. and UK, as well as targets in other NATO countries and countries neighboring Russia.

“Russia continues to be a threat. They continue to successfully use known spear-phishing techniques for intelligence gathering,” said Rob Joyce, Director of NSA’s Cybersecurity Directorate. “Those at risk should note that the FSB likes to target personal email accounts, where they can still get to sensitive information but often with a lower security bar.”

Following the previously published guidance in January 2023, the report details two new reported tactics, techniques, and procedures (TTPs) used by Star Blizzard to target individuals and organizations. The actor utilizes the open source framework EvilGinx, which enables them to harvest credentials and session cookies to successfully bypass multifactor authentication. According to the CSA, likely Star Blizzard activity expanded in 2022, to include defense and energy targets.

This advisory outlines mitigations to defend against Star Blizzard activity. These mitigations include using strong passwords, using multifactor authentication (MFA), completing network and device updates, exercising vigilance in identifying suspicious emails and links, enabling automated email scanning features, and disabling mail forwarding.
 
Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721

Related Press Advisories

U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide
CISA, FBI, NSA, and International Partners Issue Advisory on Demonstrated Threats and Capabilities of Russian State-Sponsored and Cyber Criminal Actors

Related Documents

CSA: Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
cybersecurity Strong International Partnership csa spear-phishing Star Blizzard advisory FSB multifactor authentication mfa russia mitigation
Hosted by Defense Media Activity - WEB.mil