A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and the private sector.
The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it's one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections.
"On 14 November 2018, CrowdStrike detected a widespread spear-phishing campaign against multiple sectors," Adam Meyers, VP of Intelligence told ZDNet today.
"These messages purported to be from an official with the U.S. Department of State and contained links to a compromised legitimate website," he added. "Individuals receiving the emails worked at organizations in a range of sectors including think tanks, law enforcement, government, and business information services.
"Attribution for this activity is still in progress; however, the Tactics, Techniques, and Procedures (TTPs) and targeting are consistent with previously identified campaigns from the Russia-based actor COZY BEAR," Meyers said.
However, CrowdStrike was just one of the many cyber-security firms that picked up this week's APT29 activities. FireEye and other members of the cyber-security industry have been analyzing and tearing apart the spear-phishing campaign on Twitter all week [1, 2, 3].
FireEye, in particular, confirmed that 20 of its customers had received Cozy Bear's spear-phishing emails, customers across "Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, & US Public Sector industries in multiple geographic regions."
The spear-phishing campaign came out of nowhere and surprised most security experts. Before this week's discoveries, the group had been silent for more than a year.
The last time cyber-security firms detected a Cozy Bear campaign, the hackers targeted members of the Norwegian and Dutch governments in 2017, and US think tanks and NGOs in late 2016.
In the aftermath of the infamous DNC hack, CrowdStrike experts said the group appeared to have affiliations with the FSB, Russia's main intelligence service, an agency that Vladimir Putin led a few years before becoming Russia's president.
The group is considered to be one of Russia's top hacking outfits. Cyber-security firms have seen it operate with more advanced hacking tools than other Russian APTs, and pay more attention to hiding its operations. This sets it apart from Fancy Bear (APT28), another Russian cyber-espionage group whose name has become commonplace for many Americans due to its lackadaisical attempts at hiding its origin and operations, and its attempts at influencing public opinion on various topics.