Cozy Bear Returns With Post-Election Spear-Phishing Campaign

Attackers suspected of working for the Russian government masqueraded as a US State Department official in an attempt to infect dozens of organizations in government, military, defence contracting, media, and other industries, researchers from security firm FireEye have warned.

The tactics, techniques and procedures are akin to those used previously by the Russian APT group Cozy Bear, aka APT29.

At least 38 FireEye clients have been targeted so far in the spear-phishing campaign.

Commenting on the approach and possible intentions of the attack, and the US government’s need to protect it’s agencies, employees and citizens, is Tim Sadler, co-founder and CEO at Tessian.

Tim Sadler, Co-founder and CEO at Tessian:

“These attacks attempted to infect dozens of organisations across a range of government departments and industries, because they were part of a coordinated and highly sophisticated spear-phishing campaign. Strong-form impersonation phishing methods can be advanced and nuanced to the point of being totally indiscernible to unsuspecting victims. As a result, these attacks are very difficult to thwart from a technological standpoint, and therefore, have a high likelihood of success.

The goal of such a campaign is to extract sensitive and valuable data from unwitting targets. The damage can be tremendous both financially and reputationally.

The failure of federal agencies to meet longstanding DMARC mandates, coupled with the sophisticated tactics demonstrated by the Russian APT29/ Cozy Bear group, should be a real cause of concern for the US government.

Rather than reactively responding to attacks after they’ve caused financial and infrastructural damage, the government and targeted organizations needs to adopt a more proactive approach to protecting its email networks, employees and the wider public.

It’s worth noting that the direct similarity between this attack and the one that hit the DNC in 2016 doesn’t mean that Russian APT groups will not evolve their techniques. On the contrary, they possess the nation-state resources to develop original, sophisticated and hard-to-detect attack forms, which agencies must anticipate and prepare for, especially if this incident marks the revival of aggressive and persistent Russian campaigning.”

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.