December 12, 2023

US and UK designate two individuals associated with Russia’s FSB for engaging in sustained and targeted cyber campaigns

On December 7, 2023, the United Sstates joined the UK Office of Financial Sanctions Implementation (“OFSI”) to designate two individuals associated with Russia’s Federal Security Service (“FSB”), the successor agency to the KGB, for their attempts to interfere in the UK political processes.  The UK government reported that the FSB, and in particular the two sanctioned individuals, has engaged in sustained attempts to initiate spear phishing cyber campaigns that have targeted politicians, civil servants, journalists, non-governmental organizations and other high-profile individuals and entities in the United Kingdom and around the world.  According to the US Office of Foreign Assets Control, the spear phishing campaigns occurred between at least 2016 and 2020.  In support of, and in solidarity with, the United Kingdom, OFAC designated the same two individuals for their connection to the FSB and for engaging in activity that has targeted critical government networks in the United States.

One of the designated individuals is Russian FSB intelligence officer Ruslan Aleksandrovich Peretyatko, who is allegedly associated with a group known as Star Blizzard, the Callisto Group, among other names.  The second designee is Andrey Stanislavovich Korinets, a member of Star Blizzard.  According to the UK National Cyber Security Centre (a part of the Government Communications Headquarters), Star Blizzard is subordinate to the FSB’s Centre 18, the unit responsible for cyber espionage operations targeting the United Kingdom.  While some of the attacks have resulted in document leaks, the UK government confirmed that the attempts to interfere with UK politics and democracy were not successful.  However, in response to Russia’s sustained attempts to interfere in the country’s political and democratic processes, the UK Foreign, Commonwealth and Development Office has summoned the Russian Ambassador.

Peretyatko and Korinets were designated in the UK pursuant to the Cyber (Sanctions) (EU Exit) Regulations 2020 (SI 2020/597), which subject the designees to an assets freeze.  In the United States, the two were designated under Executive Order 13694, as amended by EO 13757, for being responsible for, or complicit in, a cyber-enabled activity identified pursuant to EO 13694, as amended.  As a result of these designations, all property and interests in property of the designated individuals within the United States or within the possession or control of a US person are blocked, and US persons are generally prohibited from engaging in transactions with them.  In addition, entities owned 50 percent or more by one or more blocked persons are also blocked.

On the same day as the designations, the US Attorney’s Office of the Department of Justice’s Northern District of California announced indictments against Korinets and Petetyatko for their alleged conspiracy to engage in criminal hacking of US-based entities and individuals, including the employees of the US Department of Energy.  In addition, the US Cybersecurity and Infrastructure Security Agency (“CISA”) published an advisory to warn the public of the malicious cyber activities in which Star Blizzard has engaged, including the ongoing spear phishing techniques used to target individuals and entities around the world.

UK Government Press Release | OFSI Financial Sanctions Notice – Cyber | US Department of Treasury Press Release | US DOJ-USAO Press Release | US CISA Advisory