Hackers Linked to Russia Impersonate US Officials

[silversurfer]

In a targeted campaign directed at multiple organizations across law enforcement, media, pharmaceutical and other public sectors, hackers with alleged ties to the Russian government have been trying to infiltrate US government computers and networks, according to a new report published by FireEye.

Malicious phishing activity believed to be conducted by the advanced persistent threat (APT) hacking group APT29, also known as Cozy Bear, was detected on November 14, 2018. According to the FireEye report, “The attempts involved a phishing email appearing to be from the U.S. Department of State with links to zip files containing malicious Windows shortcuts that delivered Cobalt Strike Beacon.”

Attackers reportedly compromised the email server of a hospital and a consulting company’s corporate website in order to distribute phishing emails. “The phishing emails were made to look like secure communication from a Public Affairs official at the U.S. Department of State, hosted on a page made to look like another Department of State Public Affairs official's personal drive, and used a legitimate Department of State form as a decoy,” FireEye said.

Source: https://www.infosecurity-magazine.com/ne...to-russia/