Russians Impersonating US State Department Aide In Hacking Campaign

Hackers linked to the Russian government are impersonating US State Department employees in an operation aimed at infecting computers of US government agencies, think tanks and businesses, two cybersecurity firms told Reuters.

The operation, which began on Wednesday 14th November, suggests Russia is keen to resume an aggressive campaign of attacks on US targets after a lull going into the November 6th US midterm election, according to CrowdStrike and FireEye Inc.

US intelligence agencies have charged that Russia was behind a string of hacks in the 2016 presidential campaign in a bid to boost support for Donald Trump. The US government and private cyber security firms have said Russia was not behind hacking campaigns in this year’s congressional elections. 

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters. 

The email encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official whom Trump has said he is considering naming ambassador to the United Nations.

That file would install malicious software that would grant the hackers wide access to the recipients' systems, according to FireEye.

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies, according to the cybersecurity firm. 

CrowdStrike and FireEye did not say how many organisations had been compromised in the campaign or identify specific targets. 

The hackers are part of a group known as APT29, according to FireEye. Dutch intelligence has said that APT29 works for the SVR, the Russian Foreign Intelligence Service.

Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year. 

Representatives at the Russian embassy in Washington could not be reached for comment. Moscow has repeatedly denied allegations that it was behind APT29 or other hacking campaigns targeting the United States. 

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.

Source: Reuters
