Russian Hackers Impersonate State Department Aide

News  |  Nov 16, 2018

UPDATE: From ABC News' State Department reporter/producer



Cybersecurity experts say APT29, the Russian hacking threat also known as Cozy Bear, launched a new effort Wednesday to try to access government, think tank, and business computers by sending malware hidden in email that seemed to be sent by a State Department aide. 

Reuters

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters. 

It encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official who Trump has said he is considering naming ambassador to the United Nations. 

That file would install malicious software that would grant hackers wide access to their systems, according to FireEye.

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies, according to the cybersecurity firm. 

CrowdStrike and FireEye did not say how many organizations had been compromised in the campaign or identify specific targets.

(...)

Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year.

(...)

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters. 

Russians impersonating U.S. State Department aide in hacking campaign: researchers (Reuters)