Posted on January 19, 2019 at 7:21 PM
According to recent reports, the US Democratic National Committee (D.N.C.) says it was targeted by a new series of hacking attempts attributed to Russian hackers, this time after the 2018 midterm elections.
The court documents, filed on Thursday, state that numerous D.N.C. email addresses were targeted in a Russian-led spearphishing attack on November 14, 2018. The Committee believes two separate groups of Russian hackers were behind the attempt, and considers it highly likely that these are the same groups that broke into its systems during the 2016 US presidential race.
The documents indicate that the new attack was unsuccessful, unlike the 2016 intrusion, which had significant consequences and is said to have damaged Hillary Clinton’s presidential run. According to the reports, the content and timestamps of the recent messages suggest that one of the groups behind the attack may be Cozy Bear.
Security researchers who investigated the November incident say it may have been part of a much larger campaign, one that tried to trick recipients into believing the emails came from the State Department and that had a dozen targets or more.
Researchers from FireEye believe other targets may have included government agencies, journalists, military and law enforcement officials, pharmaceutical firms, and others. The goals of the campaign are not clear, but the attackers may have been after Democratic policy positions, US foreign policy toward Africa, and Democratic plans and thinking regarding the 2020 elections.
Known details regarding the attack
FireEye further noted that the November attack shares many similarities with attacks confirmed to have been conducted by Cozy Bear, although some aspects differ from the group’s usual mode of operation.
One notable difference is volume: in the November campaign the attackers sent at most three phishing emails to each target. If Cozy Bear was behind it, the deliberate reuse of earlier tactics would fit the group’s profile, but this restraint does not; in a past campaign the group sent as many as 136 emails to a single targeted organization.
The group is, however, also known to move far more stealthily once it actually manages to compromise targeted devices. A further similarity is that the November attackers first took control of a hospital’s email server and used it to send the messages to their real targets.
Given these similarities, FireEye currently regards Cozy Bear as the most likely suspect, although there is no direct evidence to confirm this. Another cybersecurity company, CrowdStrike, added that it observed a large spike in hacking activity during November 2018, but could not tell whether Cozy Bear was responsible.
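The pattern described in this section, a display name that claims a State Department identity while the mail actually originates from an unrelated, compromised organization, can be triaged from headers alone. The script below is an added illustration, not code from the article or from FireEye or CrowdStrike. The two messages are constructed samples, `LEGITIMATE_DOMAINS` is an assumption about which domain the impersonated sender would legitimately use, and the Reply-To redirection check is an extra heuristic, not something the reports above describe.

```python
"""Header-level triage for impersonation spearphishing (added example; sample
headers are constructed, not taken from the campaign described in the text)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the impersonated organisation only sends mail from these domains.
LEGITIMATE_DOMAINS = {"state.gov"}
# Phrases in a display name that claim the impersonated identity.
IMPERSONATION_PHRASES = ("state department", "department of state", "state.gov")


def _domain(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _under(host, domains):
    """True if host is one of the domains or a subdomain of one of them."""
    return any(host == d or host.endswith("." + d) for d in domains)


def analyze_headers(raw_message):
    """Return a list of human-readable findings; an empty list means nothing fired."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    claims_identity = any(p in display_name.lower() for p in IMPERSONATION_PHRASES)

    # 1. The display name claims the impersonated identity but the address does not back it up.
    if claims_identity and not _under(from_domain, LEGITIMATE_DOMAINS):
        findings.append(f"display name '{display_name}' claims State Department, From domain is {from_domain}")

    # 2. The bounce path points somewhere other than the visible sender.
    rp_domain = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_domain and rp_domain != from_domain:
        findings.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")

    # 3. Replies are steered to a third domain (assumed heuristic, useful when a sending account is borrowed).
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 4. The first hop (the last Received header) is not the claimed organisation's infrastructure.
    received = msg.get_all("Received", [])
    if claims_identity and received:
        match = re.search(r"from\s+([A-Za-z0-9.-]+)", received[-1])
        if match and not _under(match.group(1).lower(), LEGITIMATE_DOMAINS):
            findings.append(f"originating relay {match.group(1)} is not under {sorted(LEGITIMATE_DOMAINS)}")

    return findings


# Constructed sample: State Department display name, relayed through an unrelated
# hospital's mail server, with replies redirected to a lookalike domain.
SUSPICIOUS = """Received: from mail.example-hospital.org (mail.example-hospital.org [203.0.113.7])
\tby mx.example-party.org with ESMTP; Wed, 14 Nov 2018 12:00:00 -0500
Return-Path: <bounce@example-hospital.org>
From: "U.S. Department of State - Public Affairs" <press@example-hospital.org>
Reply-To: <press.office@example-lookalike.com>
To: <staffer@example-party.org>
Subject: Press release

Please see the attached statement.
"""

# Constructed internal message whose headers are all consistent.
BENIGN = """Received: from mail.example-party.org (mail.example-party.org [198.51.100.4])
\tby mx.example-party.org with ESMTP; Wed, 14 Nov 2018 12:05:00 -0500
Return-Path: <colleague@example-party.org>
From: "Jane Colleague" <colleague@example-party.org>
To: <staffer@example-party.org>
Subject: Lunch

Noon?
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        result = analyze_headers(sample)
        print(f"{label}: {len(result)} indicator(s)")
        for finding in result:
            print("  -", finding)
```

None of these checks is proof of attribution; they only surface the mismatch between who a message claims to be from and where it actually came from, which is the point at which an analyst would pull the full message and the relay's logs.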
About Cozy Bear
Cozy Bear is a hacking group believed to be based in Russia; it is also known as “The Dukes” or “APT29.” It came to broad public attention in 2016, although researchers had tracked its activity for years before that, and it has since been blamed for numerous hacking attacks against the US Democratic Party and individual party officials.
While many believe the group is state-sponsored, the Russian government has consistently denied any connection to the attack or to the individuals carrying it out. It has further argued that, even if it were responsible, such an act would fall into the category of “military action” and be shielded by a 1976 law, the Foreign Sovereign Immunities Act, which protects foreign governments from most lawsuits in US courts.