Hackers with ties to the Russian government are using a spear-phishing campaign to impersonate Department of State employees, according to cybersecurity firms FireEye and CrowdStrike. The new attack, which was detected Nov. 14 and became public knowledge Nov. 16, is from the Russian hacker group known as Cozy Bear, APT29, The Dukes, or PowerDuke, one of the two groups that hacked the Democratic National Committee ahead of the 2016 presidential election. The hackers are part of a larger group called APT29; Dutch intelligence agencies have said APT29 works for the SVR, the Russian Foreign Intelligence Service.

The hackers are using emails that appear to be from State Department public affairs specialist Susan Stevenson, but actually contain links to a compromised legitimate website, Reuters reported. The news outlet also reported that the emails encouraged recipients to download documents, which claimed to be from Heather Nauert (a State Department official who Trump has said is in the running to be named the ambassador to the United Nations) but which actually contained malware. Once the malware was downloaded, the hackers would have wide access to the compromised user’s system. Unsurprisingly, CrowdStrike and FireEye wouldn’t say how many organizations were compromised or identify specific targets.

Kate Polit
Kate Polit is MeriTalk's Assistant Copy & Production Editor covering the intersection of government and technology.