CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Message from the MS-ISAC

Today, CISA—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA), “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns.” The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:

  • Impersonating known contacts’ email accounts,
  • Creating fake social media profiles,
  • Using webmail addresses from providers such as Outlook, Gmail, and others, and
  • Creating malicious domains that resemble legitimate organizations.

CISA encourages network defenders and critical infrastructure organizations to review the CSA to improve their cybersecurity posture and protect against similar exploitation based on threat actor activity. CISA also urges software manufacturers to incorporate secure-by-design and -default principles into their software development practices, limiting the impact of threat actor activity.

BUREN R. (Ric) MOORE, SGM(R)

GOHSEP Intelligence Officer

Louisiana State Analytical & Fusion Exchange (LA-SAFE) Liaison

7667 Independence Blvd.

Baton Rouge, LA  70806

Office: 225.925.3674

buren.moore@la.gov 

In the case of terrorism, to wait for an indication of crime before investigating it is to wait too long. There is no guarantee of success, but there has to be a guarantee of effort.  Let’s make it hard to hurt us.  If you see something suspicious, report it.
