Russians Impersonating US State Department Aide In Hacking Campaign

Hackers linked to the Russian government are impersonating US State Department employees in an operation aimed at infecting computers of US government agencies, think tanks and businesses, two cybersecurity firms told Reuters.

The operation, which began on Wednesday 14th November, suggests Russia is keen to resume an aggressive campaign of attacks on US targets after a lull going into the November 6th US midterm election, according to CrowdStrike and FireEye Inc.

US intelligence agencies have charged that Russia was behind a string of hacks in the 2016 presidential campaign in a bid to boost support for Donald Trump. The US government and private cyber security firms have said Russia was not behind hacking campaigns in this year’s congressional elections. 

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters. 

The email encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official whom Trump has said he is considering naming ambassador to the United Nations.

That file would install malicious software that would grant hackers wide access to recipients' systems, according to FireEye.

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies, according to the cybersecurity firm. 

CrowdStrike and FireEye did not say how many organisations had been compromised in the campaign or identify specific targets. 

The hackers are part of a group known as APT29, according to FireEye. Dutch intelligence has said that APT29 works for the SVR, the Russian Foreign Intelligence Service.

Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year. 

Representatives at the Russian embassy in Washington could not be reached for comment. Moscow has repeatedly denied allegations that it was behind APT29 or other hacking campaigns targeting the United States. 

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.

Reuters:
