Think tanks, NGOs targeted in election-themed spear phishing campaign

Think tanks and NGOs have received a flurry of spear phishing attempts linked to a Russian espionage group since the election.  

“Think tanks being targeted by APT29/COZY today, spearphishing emails claiming to be about election,” tweeted Adam Segal, Lipman chair of emerging technologies at the Council on Foreign Relations, on Wednesday.

APT29, also called Cozy Bear, is a hacking group believed to be connected with the Russian government. It recently made headlines as part of the hack of the Democratic National Committee.

The attempts echoed attacks over the past couple of years similarly targeting think tanks, universities and NGOs, including Transparency International, the International Institute for Strategic Studies, Eurasia Group and the Council on Foreign Relations.

“These e-mails came from a mix of attacker created Google Gmail accounts and what appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS),” wrote security firm Volexity in its report on the attack.

“These e-mails were sent in large quantities to different individuals across many organizations and individuals focusing in national security, defense, international affairs, public policy, and European and Asian studies.”

In addition to Harvard faculty, emails also posed as messages from the Clinton Foundation.

The emails contained what appeared to be research about the election with eye-catching titles like “Why American Elections are Flawed” and “The ‘Shocking’ Truth About Election Rigging.” 

Anyone who downloaded and opened one of these papers would inadvertently install PowerDuke, a backdoor that Cozy Bear has used in the past, on their system.

“Volexity believes that the Dukes are likely working to gain long-term access into think tanks and NGOs and will continue to launch new attacks for the foreseeable future,” concluded the firm's report.