Fancy Bear Targeted Think Tank

News  |  Feb 1, 2019

Fancy Bear, the same Russian hacking group that stole emails from the Democratic National Committee during the 2016 campaign, launched an attack on the Center for Strategic and International Studies, a Washington, DC think tank. 

This news emerges at the same time as President Trump is either ignoring or contradicting his own intelligence chiefs' national security warnings, which state that Russia's cyber-influence capabilities are growing.

CNN

A court in Virginia gave Microsoft control of a group of websites that were intended to look like login sites for the think tank's internal systems, court filings Wednesday show.

Hackers could have used the website domains to set up fake login pages or send emails to people who work with or have Center for Strategic and International Studies email addresses in an attempt to trick them into handing over information, like their passwords.

(...)

Andrew Schwartz, the think tank's chief communications officer, would not comment on whether any information had been accessed. There is no indication from the court filings that the hackers' attempts were successful. 

The court said the websites qualified as "Strontium Domains." Strontium is another name for Fancy Bear. The group is also known by other monikers, including APT28.

(...)

Schwartz told CNN, "CSIS is under consistent cyberattack from a variety of state actors. We spotted this incident immediately and were able to work with Microsoft to put a stop to it."

The domains that were designed to look like they were run by the think tank were LOGIN-CSIS.ORG, CSIS.EVENTS, CSIS.EXCHANGE and CSIS.CLOUD.

Tom Burt, Microsoft's corporate vice president for customer security and trust, told CNN in a statement on Wednesday, "This is part of our ongoing work to protect customers and democratic processes and institutions. We've used this approach 13 times in the last two years to shut down 89 fake websites."

Last August, the same court in Virginia gave Microsoft control of websites targeting the Senate and two other DC think tanks, the Hudson Institute and the International Republican Institute. ...

"Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit," Brad Smith, Microsoft's president, wrote in a blog post at the time.

Russian group suspected in DNC hack targeted Washington think tank (CNN)