Hackers linked to Russia’s security apparatus targeted recognized experts on defense, national security and global affairs in the hours after U.S. election results were announced in an effort to gain total access to the computers system of the think tanks where they work, a cybersecurity firm says.
The hacking attempts involved sending emails that appeared to be from Harvard University or the Clinton Foundation. Among those targeted were researchers at the Brookings Institution. the Council on Foreign Relations –think tanks in Washington and New York – and “several dozen” other organizations.
It was unknown whether any of the attempts were successful.
A Washington-area cybersecurity firm, Volexity, said the attacks came from a Russian hacking gang that was thought to be part of the Russian Federation’s internal security service. The gang is often referred to as Cozy Bear but Volexity refers to it by another name, The Dukes.
“Volexity believes that the Dukes are likely working to gain long-term access into think tanks and (nongovernmental organizations) and will continue to launch new attacks for the foreseeable future,” the security firm’s chief executive, Steven Adair, said in a blog post.
Senior researchers began reporting what are called “spear phishing” attempts against them Wednesday morning. Spear phishing is the term to describe when hackers send emails masquerading as someone known to the target, hoping to lure them into clicking a link that would install malicious code on their computers and give remote operators access to files and communications.
Volexity reported that The Dukes had sent initial waves of tainted emails on Aug. 10 and 25 to think-tank researchers. At that time, the hackers made the emails seem as if they were from people at recognized institutions, like Transparency International and the Center for a New American Security.
The digital bait they used Wednesday, Volexity said, were emails said to contain instant election analysis. One carried a message line: “The ‘Shocking’ Truth About Election Rigging in the United States.” Another posed as an eFax titled: “Elections Outcome Could Be Revised (Facts of Elections Fraud).”
Fake emails the same day spoofed recipients into believing they were either from someone at Harvard’s Faculty of Arts and Sciences, again suggesting analysis of flaws in the U.S. elections, or from the Clinton Foundation, former President Bill Clinton’s philanthropic group.
The emails contained hyperlinks that, if clicked, would install what is known as a back door in the host computers, allowing remote hackers “to examine and control a system.”
“The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels,” Volexity said.
The malicious code used in the bait email “is brand new,” Adair said in a telephone interview. “If you see how they put all these pieces together, it shows that they’ve learned a lot over time.”
Adair said the Russian hackers were not “a ragtag bunch of guys. They know what they’re doing.”
Among researchers who acknowledged either directly to McClatchy or on Twitter that they had been targeted were Adam Segal, a digital security expert at the Council on Foreign Relations, and Maeve Whelan-Wuest, a research assistant who works on East Asia issues at Brookings.
Russia denied for months that it was behind headline-grabbing hacking attempts in the United States, such as against the Democratic National Committee and the campaign of Hillary Clinton. But on Oct. 12, President Vladimir Putin changed the tone, focusing on public leaks of the hacked internal DNC emails and those of Clinton campaign Chairman John Podesta.
“Everyone is saying, ‘Who did it?’ ” Putin said at a public event. “But does it matter that much? It’s what is inside the information that matters.” Foreign Minister Sergei Lavrov spoke of the hacking accusations the same day on CNN. “We did not deny this,” Lavrov said, adding however that, “They did not prove it.”
The Obama administration has accused Russia of being behind the DNC hacks and has said the subsequent release of the emails to WikiLeaks was an effort to influence the U.S. elections.
President-elect Donald Trump has said there’s no proof of a Russian connection to the DNC intrusion. He’s made no comment on the possible Russian connection since his triumph in Tuesday’s elections.