{ "id": "c3c2710b-963b-4681-b887-edf238c1b04b", "created_at": "2026-04-06T00:22:11.909888Z", "updated_at": "2026-04-10T13:11:49.298309Z", "deleted_at": null, "sha1_hash": "f0546ec2e9e158109af47344e63199e1a9423ff6", "title": "Star Blizzard", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 40956, "plain_text": "Star Blizzard\r\nArchived: 2026-04-05 18:22:06 UTC\r\nFOR THE US COURT\r\nFOR THE DISTRICT OF COLUMBIA\r\nMicrosoft Corporation, a Washington Corporation,\r\nNGO-ISAC, a New York Non-Profit Corporation\r\nPlaintiff,\r\nv.\r\nJOHN DOES 1-2, CONTROLLING A\r\nCOMPUTER NETWORK AND\r\nTHEREBY INJURING PLAINTIFF\r\nAND ITS CUSTOMERS,\r\n)\r\n)\r\n)\r\n)    Civil Action No. 1:24-cv-02719-RC\r\n)\r\n)\r\n)\r\n)\r\n)\r\n)\r\n)\r\n)\r\n)\r\nPlaintiffs Microsoft Corporation (“Microsoft”) and NGO Information Sharing and Analysis Center\r\n(“NGO-ISAC”) have sued Defendants John Does 1-2 associated with the Star Blizzard cybercriminal\r\noperation and domains listed in the documents set forth herein. Plaintiffs allege that the Star Blizzard\r\nDefendants have violated Federal and state law by hosting a cybercriminal operation through these\r\ndomains, orchestrating a sophisticated spear phishing operation, impersonating victims and victims’\r\ncontacts to trick the victim into sharing login credentials, using the login credentials to infiltrate email\r\nsystems, and exfiltrating sensitive personal and commercial data and have committed intellectual property\r\nviolations to the injury of Plaintiffs and Plaintiffs’ customers and member organizations. Plaintiffs seek a\r\npreliminary injunction directing the registrars associated with these domains to take all steps necessary to\r\ndisable access to and operation of these domains to ensure that changes or access to the domains cannot be\r\nhttps://www.noticeofpleadings.com/starblizzard/\r\nPage 1 of 2\n\nmade absent a court order and that all content and material associated with these domains are to be\r\nisolated and preserved pending resolution of the dispute. Plaintiffs seek a permanent injunction, other\r\nequitable relief and damages. Full copies of the pleading documents are available at\r\nwww.noticeofpleadings.com/starblizzard.\r\nNOTICE TO DEFENDANTS: READ THESE PAPERS CAREFULLY! You must “appear” in this case or\r\nthe other side will win automatically. To “appear” you must file with the court a legal document called a\r\n“motion” or “answer.” The “motion” or “answer” must be given to the court clerk or administrator within\r\n21 days of the date of first publication specified herein. It must be in proper form and have proof of service\r\non the Plaintiffs’ attorneys, Jeffrey L. Poston at Crowell \u0026 Moring LLP, 1001 Pennsylvania Avenue NW,\r\nWashington D.C. 20004, jposton@crowell.com. If you have questions, you should consult with your own\r\nattorney immediately.\r\nMOTION FOR DEFAULT JUDGEMENT AND PERMANENT INJUNCTION\r\nContact Us\r\nIf you wish to contact us by e-mail, fax, phone or letter please contact us at:\r\nJeffrey L. Poston\r\nCrowell \u0026 Moring LLP\r\n1001 Pennsylvania Ave. NW\r\nWashington, DC 20004\r\nTelephone: +1 (202) 624-2775\r\nFacsimile: +1 (202) 628-5116\r\nEmail: jposton@crowell.com\r\nSource: https://www.noticeofpleadings.com/starblizzard/\r\nhttps://www.noticeofpleadings.com/starblizzard/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.noticeofpleadings.com/starblizzard/" ], "report_names": [ "starblizzard" ], "threat_actors": [ { "id": "79bd28a6-dc10-419b-bee7-25511ae9d3d4", "created_at": "2023-01-06T13:46:38.581534Z", "updated_at": "2026-04-10T02:00:03.029872Z", "deleted_at": null, "main_name": "Callisto", "aliases": [ "BlueCharlie", "Star Blizzard", "TAG-53", "Blue Callisto", "TA446", "IRON FRONTIER", "UNC4057", "COLDRIVER", "SEABORGIUM", "GOSSAMER BEAR" ], "source_name": "MISPGALAXY:Callisto", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "3aedca2f-6f6c-4470-af26-a46097d3eab5", "created_at": "2024-11-01T02:00:52.689773Z", "updated_at": "2026-04-10T02:00:05.396502Z", "deleted_at": null, "main_name": "Star Blizzard", "aliases": [ "Star Blizzard", "SEABORGIUM", "Callisto Group", "TA446", "COLDRIVER" ], "source_name": "MITRE:Star Blizzard", "tools": [ "Spica" ], "source_id": "MITRE", "reports": null }, { "id": "2d06d270-acfd-4db8-83a8-4ff68b9b1ada", "created_at": "2022-10-25T16:07:23.477794Z", "updated_at": "2026-04-10T02:00:04.625004Z", "deleted_at": null, "main_name": "Cold River", "aliases": [ "Blue Callisto", "BlueCharlie", "Calisto", "Cobalt Edgewater", "Gossamer Bear", "Grey Pro", "IRON FRONTIER", "Mythic Ursa", "Nahr Elbard", "Nahr el bared", "Seaborgium", "Star Blizzard", "TA446", "TAG-53", "UNC4057" ], "source_name": "ETDA:Cold River", "tools": [ "Agent Drable", "AgentDrable", "DNSpionage", "LOSTKEYS", "SPICA" ], "source_id": "ETDA", "reports": null }, { "id": "3a057a97-db21-4261-804b-4b071a03c124", "created_at": "2024-06-04T02:03:07.953282Z", "updated_at": "2026-04-10T02:00:03.813595Z", "deleted_at": null, "main_name": "IRON FRONTIER", "aliases": [ "Blue Callisto ", "BlueCharlie ", "CALISTO ", "COLDRIVER ", "Callisto Group ", "GOSSAMER BEAR ", "SEABORGIUM ", "Star Blizzard ", "TA446 " ], "source_name": "Secureworks:IRON FRONTIER", "tools": [ "Evilginx2", "Galileo RCS", "SPICA" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434931, "ts_updated_at": 1775826709, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f0546ec2e9e158109af47344e63199e1a9423ff6.pdf", "text": "https://archive.orkl.eu/f0546ec2e9e158109af47344e63199e1a9423ff6.txt", "img": "https://archive.orkl.eu/f0546ec2e9e158109af47344e63199e1a9423ff6.jpg" } }