|
Russians impersonating U.S. State
Department aide in hacking campaign: researchers
Send a link to a friend
[November 17, 2018]
By Christopher Bing
NEW YORK (Reuters) - Hackers linked to the
Russian government are impersonating U.S. State Department employees in
an operation aimed at infecting computers of U.S. government agencies,
think tanks and businesses, two cybersecurity firms told Reuters.
The operation, which began on Wednesday, suggests Russia is keen to
resume an aggressive campaign of attacks on U.S. targets after a lull
going into the Nov. 6 U.S. midterm election, in which Republicans lost
control of the House of Representatives, according to CrowdStrike and
FireEye Inc <FEYE.O>.
U.S. intelligence agencies have charged that Russia was behind a string
of hacks in the 2016 presidential campaign in a bid to boost support for
Donald Trump. The U.S. government and private cyber security firms have
said Russia was not behind hacking campaigns in this year's
congressional elections.
In the newly discovered operation, hackers linked to the Russian
government sent emails purporting to come from State Department public
affairs specialist Susan Stevenson, according to a sample phishing email
reviewed by Reuters.
It encouraged recipients to download malicious documents that claimed to
be from Heather Nauert, a State Department official who Trump has said
he is considering naming ambassador to the United Nations.
That file would install malicious software that would grant hackers wide
access to their systems, according to FireEye.
More than 20 FireEye customers were targeted, including military
agencies, law enforcement, defense contractors, media companies and
pharmaceutical companies, according to the cybersecurity firm.
CrowdStrike and FireEye did not say how many organizations had been
compromised in the campaign or identify specific targets.
[to top of second column]
|
People enter the State Department Building in Washington, U.S.,
January 26, 2017. REUTERS/Joshua Roberts
The hackers are part of a group known as APT29, according to FireEye.
Dutch intelligence has said that APT29 works for the SVR Russian
Foreign Intelligence Service.
Moscow-based cybersecurity firm Kaspersky Lab confirmed that the
campaign was the work of APT29, and said the group had not been
active since last year.
Representatives at the Russian embassy in Washington could not be
reached for comment. Moscow has repeatedly denied allegations that
it was behind APT29 or other hacking campaigns targeting the United
States.
A State Department spokesman said he had no immediate comment.
The attackers first compromised a hospital and a consulting company,
then used their infrastructure to send phishing emails that appeared
to be secure communication from the State Department, FireEye
researcher Nick Carr told Reuters.
(Reporting by Christopher Bing in New York; editing by Jim Finkle
and Bernadette Baum)
[© 2018 Thomson Reuters. All rights
reserved.]
Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
