The British Foreign Office and the U.S. Treasury Department announced sanctions on December 7 against two Russians for their ties to a group of cybercriminals sponsored by Russia's Federal Security Service (FSB) that Britain and the United States say has targeted people and entities in the two countries and other partner countries.
The United States also announced an indictment charging the two Russians -- identified as Ruslan Peretyatko and Andrei Korinets -- with conducting a campaign to hack into computers in the United States, Britain, and other NATO countries "all on behalf of the Russian government."
The U.K. Foreign Office said in a statement on December 7 that the cyber-spying was conducted by Star Blizzard, also known as the Callisto Group, an entity that Britain's cybersecurity center has established with quasi-total certainty is run by Center 18 -- an FSB unit identified as being behind a series of cyber-espionage operations targeting Britain.
Following an investigation, the Foreign Office placed sanctions on Star Blizzard members Ruslan Aleksandrovich Peretyatko and Andrei Stanislavovich Korinets "for their involvement in the preparation of spear-phishing campaigns and associated activity that resulted in unauthorized access and exfiltration of sensitive data, which was intended to undermine U.K. organizations and more broadly, the U.K. government."
Among the actions conducted by Star Blizzard, the statement enumerated the targeting, including "spear-phishing," of British lawmakers from various political parties since at least 2015; the hack of British-U.S. trade documents that were leaked ahead of the 2019 general election; and the targeting of journalists, universities, the public sector, NGOs, and civil society groups that have a key role in British democracy.
British Foreign Secretary David Cameron said that, in sanctioning Korinets and Peretyatko and summoning the Russian ambassador, Britain was "shining a light on yet another example of how Russia chooses to operate on the global stage."
He said Russia’s attempts to interfere in U.K. politics "are completely unacceptable and seek to threaten our democratic processes."
The United States took action against Peretyatko and Korinets "in solidarity and support with the United Kingdom" after identifying their connection to the FSB unit and its activity targeting U.S. critical government networks, the U.S. Treasury Department said in a news release.
The U.S. Justice Department said the indictment charges each defendant with conspiracy to commit computer fraud against the United States, which carries a maximum penalty of five years in prison, and conspiracy to commit wire fraud, which carries a maximum penalty of 20 years in prison.
The men are presumed to be in Russia and would risk being brought to the United States for prosecution on the charges only if they were arrested in a country that has an extradition treaty with the United States. The sanctions freeze any assets they hold in U.S. jurisdictions and bar people in the United States from conducting business or any other dealings with them.
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said in the Justice Department's news release that the indictment unsealed on December 7 highlights that the Russian government continues to target the critical networks of the United States and its partners.
“Through this malign influence activity directed at the democratic processes of the United Kingdom, Russia again demonstrates its commitment to using weaponized campaigns of cyber espionage against such networks in unacceptable ways," Olsen said.
The Treasury Department said the FSB has conducted spear-phishing campaigns designed to gain access to targeted e-mail accounts and maintain access to them to obtain potentially sensitive information.
The department said that Korinets and Peretyatko operated between at least 2016 and 2020. Their activities included creating malicious domain infrastructure for FSB spear-phishing campaigns and using several e-mail addresses designed to mimic legitimate management accounts of well-known technology companies.
One of the fake e-mail accounts intended to mimic a retired U.S. Air Force general and, since the date of its activation until late 2019, it had sent at least 20 spear-phishing e-mails, which included domains created by Korinets, the Treasury Department said.
Fraudulent e-mail accounts created by Peretyatko sent spear-phishing e-mails purporting to be from a major software company directing victims to change their passwords in an attempt to harvest their credentials.