Hackers linked to Russia’s security apparatus targeted recognized experts on defense, national security and global affairs in the hours after U.S. election results were announced, in an effort to gain total access to the computer systems of the think tanks where they work, a cybersecurity firm says.
The hacking attempts involved sending emails that appeared to be from Harvard University or the Clinton Foundation. Among those targeted were researchers at the Brookings Institution and the Council on Foreign Relations – think tanks in Washington and New York – and “several dozen” other organizations.
It was unknown whether any of the attempts were successful.
A Washington-area cybersecurity firm, Volexity, said the attacks came from a Russian hacking gang that is thought to be part of the Russian Federation’s internal security service. The gang is often referred to as Cozy Bear, but Volexity refers to it by another name, The Dukes.
“Volexity believes that the Dukes are likely working to gain long-term access into think tanks and (nongovernmental organizations) and will continue to launch new attacks for the foreseeable future,” the security firm’s chief executive, Steven Adair, said in a blog post.
Senior researchers began reporting what are called “spear phishing” attempts against them Wednesday morning. Spear phishing is the term for attacks in which hackers send emails masquerading as someone known to the target, hoping to lure the recipient into clicking a link that would install malicious code on their computer and give remote operators access to files and communications.
Volexity reported that The Dukes had sent initial waves of tainted emails on Aug. 10 and 25 to think-tank researchers. At that time, the hackers made the emails seem as if they were from people at recognized institutions, like Transparency International and the Center for a New American Security.
The digital bait used Wednesday, Volexity said, was emails said to contain instant election analysis. One carried the subject line: “The ‘Shocking’ Truth About Election Rigging in the United States.” Another posed as an eFax titled: “Elections Outcome Could Be Revised (Facts of Elections Fraud).”
Fake emails the same day tricked recipients into believing they were either from someone at Harvard’s Faculty of Arts and Sciences, again promising analysis of flaws in the U.S. elections, or from the Clinton Foundation, former President Bill Clinton’s philanthropic group.
The emails contained hyperlinks that, if clicked, would install what is known as a back door in the host computers, allowing remote hackers “to examine and control a system.”
“The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels,” Volexity said.
The malicious code used in the bait email “is brand new,” Adair said in a telephone interview. “If you see how they put all these pieces together, it shows that they’ve learned a lot over time.”
Adair said the Russian hackers were not “a ragtag bunch of guys. They know what they’re doing.”