US seizes 2 domain names used in cyberespionage campaign

Politics

FILE – In this April 1, 2014, file photo, the headquarters for the U.S. Agency for International Development is seen in Washington. The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks using an email marketing account of the U.S. Agency for International Development, Microsoft said, late Thursday, May 27, 2021. (AP Photo/J. David Ake, File)

WASHINGTON (AP) — The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups.

The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.

The company said over the weekend that it was “still not seeing evidence of any significant number of compromised organizations at this time.” The White House on Friday similarly downplayed the cyber assault as “basic phishing,” in which hackers use malware-laden emails to access networks, and said U.S. agencies had largely fended it off.

Still, officials say the U.S. government’s action on Friday was aimed at preventing any further exploitation of victims, though the Justice Department also warned that the hackers may have used additional backdoor accesses to get into networks between when the hacking first began and the time that the domains were seized.

“Last week’s action is a continued demonstration of the department’s commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,” Assistant Attorney General John Demers, the Justice Department’s top national security official, said in a statement.

He said the department would “continue to evaluate all possible opportunities to use our unique authorities to act against such threats.”

In the case disclosed last week, hackers gained access to an email marketing account of the U.S. Agency for International Development, and masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations.

The company did not say what portion of the attempts may have led to successful intrusions but said that most were blocked by automated systems that marked them as spam.

_____

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.