State Department spokeswoman Heather Nauert and her deputy Susan Stevenson were impersonated by hackers in a phishing attempt to gain access to intelligence from a number of U.S. defense and law enforcement agencies.
There are no confirmations of successful hacks against Nauert, Stevenson or the State Department, according to Nick Carr, senior manager of FireEye Inc., a cybersecurity research firm.
“The threat actor crafted the phishing emails to masquerade as a U.S. Department of State Public Affairs official sharing an official document,” Carr said, according to The Daily Beast.
Hackers impersonated State Department spokeswoman Heather Nauert and her deputy Susan Stevenson to target hundreds of individuals in U.S. defense and law enforcement agencies, according to cybersecurity experts. https://t.co/0cwCkXc13v
— Stars and Stripes (@starsandstripes) November 20, 2018
Hackers used the infrastructure of a hospital and a consulting company to carry out their phishing scheme, Reuters reported.
The hackers then sent emails to numerous organizations, including military agencies, police agencies, defense contractors, media firms and pharmaceutical companies, with a subject line stating that the recipients had been sent a downloadable drive. The message was made to resemble a secure communication from Nauert’s deputy in order to mislead recipients and the media.
The download was essentially malware that would load onto the recipient’s computer when clicked.
It’s not certain how many individuals clicked the malware link.
The firm said the hackers are likely connected to Russian intelligence services known as APT29 and Cozy Bear, according to CBS News. This has not yet been confirmed; however, the tactics were very much like these groups’ past attacks.
APT29 and Cozy Bear are also the groups that scandalously hacked into the Democratic National Committee as part of a much bigger Russian effort during the 2016 election.
During the Democratic National Committee hack, several high-profile attacks were waged, and investigations linked Cozy Bear to Russian spy agencies.
They have also been linked to stolen research on Hillary Clinton and have spied on Republican operatives’ computers.
Crowdstrike, a cybersecurity firm, said attacks such as these are modern-day espionage, according to the Christian Science Monitor. “We have high level confidence both are Russian intelligence agencies,” said Dmitri Alperovitch, Crowdstrike chief technology officer.
Cozy Bear’s methods are similar to hackers who have been linked to Iranian and Chinese government agencies.
In 2017, U.S. officials blamed hackers with ties to Beijing for the massive Office of Personnel Management breach.
According to U.S. officials, it can sometimes take months to detect a successful cyber attack, which was evident with the Nov. 6 primary elections.
However, a State Department representative, who requested anonymity, said they expected the number to be very low and that the department’s cybersecurity defenses would thwart any malware attacks.