Russian Hackers Strike US Think Tanks After Trump Win

Posted by at 9:34 am on November 11, 2016

Russian hackers wasted no time this week, attacking American political think tanks and non-government organizations (NGOs) on Wednesday.

A round of targeted phishing campaigns (attempts to obtain sensitive information by pretending to be a trustworthy entity) came less than six hours after Donald Trump was named President-elect of the US.

According to cyber incident response firm Volexity, the hackers belong to a Russian gang best known for infiltrating computer networks at the Democratic National Committee and the Democratic Congressional Campaign Committee. The group—often referred to as APT29, Cozy Bear, or The Dukes—began targeting research organizations and NGOs in July 2015.

“This represented a fairly significant shift in the group’s previous operations and one that continued in the lead-up to and immediately after the 2016 United States Presidential election,” Volexity founder Steven Adair wrote in a blog post.

The Dukes in August launched several waves of highly targeted spear-phishing attacks, sending spoofed email messages to specific individuals at US-based organizations to deliver backdoor malware dubbed PowerDuke. The same malware, which allows the hackers to examine and control a system, was used again in this week’s post-election invasions.

As reported by Volexity, two of the attacks purported to be messages forwarded from the Clinton Foundation, two posed as eFax links or documents regarding rigged election results, and the last claimed to be a link to a PDF download on “Why American Elections Are Flawed.”

Last month, federal officials said they are “confident” that the Russian government is behind recent attacks on US political organizations, like the DNC. Russian President Vladimir Putin has denied any involvement in said hacks.

“The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels,” Adair wrote on Wednesday. “Volexity believes that The Dukes are likely working to gain long-term access into think tanks and NGOs and will continue to launch new attacks for the foreseeable future.”
