Nation-State Actor
Star Blizzard
Russia • Active since 2017
Star Blizzard is a Russian spy group that specializes in stealing email passwords. They create fake websites and send convincing phishing emails to government workers and defense contractors.
Overview
Star Blizzard is a Russian FSB-linked threat actor specializing in credential phishing campaigns against government officials, defense organizations, and NGOs. They focus on intelligence targets in the UK and US.
Also Known As
SEABORGIUM, Callisto, TA446, COLDRIVER
Target Industries
Government, Defense, NGOs, Academia, Media
Target Regions
United Kingdom, United States, Europe, NATO countries
Tactics, Techniques & Procedures
- Spear-phishing for credentials
- Impersonation of trusted contacts
- OAuth consent phishing
- Document lures
Known Tools & Malware
Evilginx, Custom phishing infrastructure, Proton email abuse
Notable Campaigns
UK Government Targeting (2023)
Targeted UK government officials and MPs with credential phishing.
NGO Compromise Operations (2022)
Targeted NGOs working on democracy and human rights issues.
MITRE ATT&CK Techniques
T1566.001, T1598.003, T1528, T1534
Defense Recommendations
1. Deploy phishing-resistant authentication
2. Train high-risk users on targeted phishing
3. Monitor OAuth application permissions