Russians Impersonating US State Department Aide In Hacking Campaign

Uploaded on 2018-11-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Hackers linked to the Russian government are impersonating US State Department employees in an operation aimed at infecting computers of US government agencies, think tanks and businesses, two cybersecurity firms told Reuters.

The operation, which began on Wednesday 14th November, suggests Russia is keen to resume an aggressive campaign of attacks on US targets after a lull going into the November 6th US midterm election, according to CrowdStrike and FireEye Inc.

US intelligence agencies have charged that Russia was behind a string of hacks in the 2016 presidential campaign in a bid to boost support for Donald Trump. The US government and private cyber security firms have said Russia was not behind hacking campaigns in this year’s congressional elections. 

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters. 

It encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official who Trump has said he is considering naming ambassador to the United Nations. 

That file would install malicious software that would grant hackers wide access to their systems, according to FireEye. 

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies, according to the cybersecurity firm. 

CrowdStrike and FireEye did not say how many organisations had been compromised in the campaign or identify specific targets. 

The hackers are part of a group known as APT29, according to FireEye. Dutch intelligence has said that APT29 works for the SVR Russian Foreign Intelligence Service. 

Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year. 

Representatives at the Russian embassy in Washington could not be reached for comment. Moscow has repeatedly denied allegations that it was behind APT29 or other hacking campaigns targeting the United States. 

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.

Reuters:

You Might Also Read:

What Is The GRU & Who Does It Hack?

« UK Fails To Act Against Cyber Threats
Faster Blockchain For Financial Institutions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Saviynt

Saviynt

Saviynt is a leading provider of Cloud Security and Identity Governance solutions.

Ceerus

Ceerus

Ceerus was created to simplify the process of deploying and managing security across all the channels in an organisation.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Elitery

Elitery

Elitery is an IT-managed service company that focuses on cloud and cybersecurity services.