Russian APT comes back to life with new US spear-phishing campaign

A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and private sector.

The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it’s one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections.

“On 14 November 2018, CrowdStrike detected a widespread spear-phishing campaign against multiple sectors,” Adam Meyers, VP of Intelligence, told ZDNet today.

“These messages purported to be from an official with the U.S. Department of State and contained links to a compromised legitimate website,” he added. “Individuals receiving the emails worked at organizations in a range of sectors including in think tank, law enforcement, government, and business information services.

“Attribution for this activity is still in progress; however, the Tactics, Techniques, and Procedures (TTPs) and targeting are consistent with previously identified campaigns from the Russia-based actor COZY BEAR,” Meyers said.

However, CrowdStrike was just one of the many cyber-security firms that picked up this week’s APT29 activities. FireEye and other members of the cyber-security industry have been analyzing and tearing apart the spear-phishing campaign on Twitter all week [1, 2, 3].

FireEye, in particular, confirmed that 20 of its customers had received Cozy Bear’s spear-phishing emails – customers across “Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, & US Public Sector industries in multiple geographic regions.”

The spear-phishing campaign came out of nowhere and surprised most security experts. Before this week’s discoveries, the group had been silent for more than a year.

The last time cyber-security firms detected a Cozy Bear campaign, the hackers targeted members of the Norwegian and Dutch governments in 2017, and US think tanks and NGOs in late 2016.

In the aftermath of the infamous DNC hack, CrowdStrike experts said the group appeared to have affiliations to the FSB, Russia’s main intelligence service, a department previously led by Vladimir Putin a few years before becoming Russia’s president.

The group is considered to be one of Russia’s top hacking outfits. Cyber-security firms have seen it operate using more advanced hacking tools than other Russian APTs and pay more attention to hiding its operations. This sets it apart from Fancy Bear (APT28), another Russian cyber-espionage group whose name has become commonplace for many Americans due to its lackadaisical attempts at hiding its origin and operations, and its attempts at influencing public opinion on various topics.
