Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz

Russian President Vladimir Putin, in St. Petersburg today for the St. Petersburg International Economic Forum, acknowledged today that Russian hackers may have interfered in the US election. (credit: Mikhail Svetlov/Getty Images)

Attackers suspected of working for the Russian government masqueraded as a US State Department official in an attempt to infect dozens of organizations in government, military, defense contracting, media, and other industries, researchers from security firm FireEye warned on Monday.

The spear-phishing campaign began last Wednesday. This is almost exactly two years after the Russian hacking group known under a variety of monikers, including APT29 and Cozy Bear, sent a similar barrage of emails that targeted many of the same industries, FireEye said in a blog post. The tactics and techniques used in both post-election campaigns largely overlap, leading FireEye to suspect the new one is also the work of the Russian-government-controlled hacking arm. FireEye researchers Matthew Dunwoody, Andrew Thompson, Ben Withnell, Jonathan Leathery, Michael Matonis, and Nick Carr wrote:

Analysis of this activity is ongoing, but if the APT29 attribution is strengthened, it would be the first activity uncovered from this sophisticated group in at least a year. Given the widespread nature of the targeting, organizations that have previously been targeted by APT29 should take note of this activity. For network defenders, whether or not this activity was conducted by APT29 should be secondary to properly investigating the full scope of the intrusion, which is of critical importance if the elusive and deceptive APT29 operators indeed had access to your environment.

“Secure” communications

At least 38 FireEye clients have been targeted so far in the spear-phishing campaign, Carr told Ars. The emails purport to deliver an official US State Department document from a known public-affairs official at the same US agency. The messages were designed to appear as a secure communication that’s hosted on a webpage linked to the official’s personal drive. To further appear legitimate, the message delivers a legitimate State Department form.


Post Author: martin
