Russians Impersonating US State Department Aide In Hacking Campaign

Uploaded on 2018-11-27 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Hackers linked to the Russian government are impersonating US State Department employees in an operation aimed at infecting computers of US government agencies, think tanks and businesses, two cybersecurity firms told Reuters.

The operation, which began on Wednesday 14th November, suggests Russia is keen to resume an aggressive campaign of attacks on US targets after a lull going into the November 6th US midterm election, according to CrowdStrike and FireEye Inc.

US intelligence agencies have charged that Russia was behind a string of hacks in the 2016 presidential campaign in a bid to boost support for Donald Trump. The US government and private cyber security firms have said Russia was not behind hacking campaigns in this year’s congressional elections. 

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters. 

It encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official who Trump has said he is considering naming ambassador to the United Nations. 

That file would install malicious software that would grant hackers wide access to their systems, according to FireEye. 

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies, according to the cybersecurity firm. 

CrowdStrike and FireEye did not say how many organisations had been compromised in the campaign or identify specific targets. 

The hackers are part of a group known as APT29, according to FireEye. Dutch intelligence has said that APT29 works for the SVR Russian Foreign Intelligence Service. 

Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year. 

Representatives at the Russian embassy in Washington could not be reached for comment. Moscow has repeatedly denied allegations that it was behind APT29 or other hacking campaigns targeting the United States. 

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.

Reuters:

You Might Also Read:

What Is The GRU & Who Does It Hack?

« UK Fails To Act Against Cyber Threats
Faster Blockchain For Financial Institutions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cleafy

Cleafy

Cleafy are a team of fraud hunters, cybersecurity experts, data scientists, and software engineers. Our purpose is to make people’s life easier and free from the threats in the digital ecosystem.

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

JPCERT/CC

JPCERT/CC

JPCERT/CC is the first Computer Security Incident Response Team (CSIRT) established in Japan.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

Penningtons Manches Cooper

Penningtons Manches Cooper

Penningtons Manches Cooper is a leading UK law firm providing high quality legal advice in areas including Data Protection, Cyber Security and Cyber Crime.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

Berkeley Varitronic Systems (BVS)

Berkeley Varitronic Systems (BVS)

Berkeley Varitronics Systems is an engineering think tank delivering custom wireless RF engineering products and solutions including cyber security.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.

Liverton Security

Liverton Security

Liverton Security is a New Zealand-owned cyber security provider offering consultancy and security-related products to government and commercial customers throughout New Zealand.