cozybear
Latest
NSA says Russian hackers are trying to steal COVID-19 vaccine research
The US, UK and Canada claim Cozy Bear has targeted health care organizations.
Dutch intelligence had a front-row seat to Russian DNC hack
Of all the ways Russia attempted to exert influence over the outcome of the 2016 presidential election, the hacking of the Democratic National Committee (DNC) and party officials was arguably one of the most damaging blows to the Clinton campaign. And according to an investigation by Dutch media, the national intelligence agency of the Netherlands, AIVD, watched the whole thing play out. Anonymous American and Dutch sources tell the story of the AIVD infiltrating the computer network of a Moscow university building -- a network which just so happened to be used by Russian hacking group Cozy Bear, aka APT29.
Russian hackers are extorting American left-wing groups (updated)
Russian hackers aren't done trying to influence American politics just because the presidential election is over, if you believe Bloomberg's sources. The news outlet understands that the FBI is investigating "at least a dozen" incidents where Russian hackers tried to blackmail US liberal groups. Typically, the intruders threaten to leak embarrassing emails and documents (complete with proof) unless the group pays the equivalent of tens of thousands of dollars in bitcoins. Some of the groups under fire include Arabella Advisors, which helps investors in liberal causes, as well as the think tank Center for American Progress.
After the election, hackers target think tanks with phishing attacks
Now that the election is over, the Russian teams of hackers suspected of breaking into the Democratic Party's systems have reportedly launched a new phishing attack on US political think tanks and non-government organizations. Incident response firm Volexity has compiled information on "The Dukes" (aka APT29 or Cozy Bear) that it believes are behind the attacks. This time around, they worked by posing as a Harvard professor, sending links to Microsoft Office Word or Excel documents that contained a macro used to install a malware downloader on that target's computer. Once installed, it downloads a PNG file that has a backdoor embedded via steganography.