The Elusive Tactics of Star Blizzard


A shadowy group of hackers has emerged onto the global stage, orchestrating a sophisticated global spear phishing attack reportedly linked to the Kremlin. Known under an array of pseudonyms—Star Blizzard (formerly SEABORGIUM), Callisto Group, TA446, COLDRIVER, TAG-53, and BlueCharlie—this clandestine unit employs a cunning strategy. Their method? Covertly embedding seemingly harmless links within legitimate websites to extract valuable information.

Their prime targets are individuals holding significant and exploitable data, which could be anyone. This group’s tactics represent a formidable threat as they relentlessly pursue potential sources of invaluable information, spanning various sectors, including academia, defence, and governmental bodies in the United States and the United Kingdom.

According to reports from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the scope of their targets extends beyond national borders, aiming at NATO members and nations near China. Their modus operandi is as meticulous as insidious, involving extensive surveillance through social media platforms to stalk and understand their victims. Once their groundwork is laid, they craft fake email accounts and social media profiles that mimic trusted contacts or industry experts. They resort to creating deceptive websites that mirror legitimate platforms, deploying cunningly devised fake event invitations.

Their Approach

Their approach is insidious—by engaging victims in seemingly harmless conversations and leveraging shared interests, they lay the groundwork for their ultimate trap. Subsequently, they dispatch malicious links masquerading as familiar platforms like Google Drive or OneDrive, enticing victims to log in. Despite their appearance of legitimacy, these hackers harbour evil intentions, coercing individuals into divulging their credentials or downloading malicious files. Never click on links from dubious or unknown sources.

The ramifications of falling into their trap are dire: the hackers can swiftly take your information when you input or download anything. Your account becomes an open book to them, paving the way for unauthorized access and exploitation of your data.

Vigilance is our most outstanding defence. Recognizing the hallmarks of these deceitful tactics and exercising caution when encountering suspicious links can serve as our shield against the malevolent designs of groups like Star Blizzard. Stay informed, stay cautious, and together, we can fortify our digital defences against such pernicious threats. Because spear-phishing scams can be hyper-targeted towards you, it’s essential to exercise caution. It would be best if you verified messages before opening them and continually review your messages for signs of phishing by being alert to the following:

  • Emails that request personal information like social security numbers or bank or financial information.
  • The email address was changed to be similar to a legitimate one. Check for added numbers or changed letters.
  • An email from a business or someone you’ve never dealt with. 
  • A message asking you to enable macros, adjust security settings, or install applications. 
  • A message containing errors.
  • The sender’s address doesn’t match the signature on the message itself. 
  • A greeting on the “to” bar or message doesn’t address you.

The best methods to keep secure on social media are to be on the lookout for online fraud and to take extra precautions to safeguard the privacy of your account.To learn more about cyber consumer concerns, like best protection practices, you can download our interactive mobile app, FRAUDSTER, available on Apple and Android. You can learn more at

If you’ve already downloaded the FraudsterApp, click the training icon on the home screen to learn to protect yourself. 



Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.