Security firm Volexity believes the emails come from the same Russians accused of hacking the DNC.
Now that the election is over, the Russian teams of hackers suspected of breaking into the Democratic Party’s systems have reportedly launched a new phishing attack on US political think tanks and non-governmental organizations. Incident response firm Volexity has compiled information on “The Dukes” (aka APT29 or Cozy Bear), the group it believes is behind the attacks. This time around, the attackers posed as a Harvard professor, sending links to Microsoft Office Word or Excel documents containing a macro that installs a malware downloader on the target’s computer. Once installed, the downloader fetches a PNG file that has a backdoor embedded via steganography.
The emails contained headlines like “The Shocking Truth About Election Rigging in the United States,” and went out over the last couple of days. Other security firms like CrowdStrike have previously named the attackers and linked them to Russia. Now, Reuters quotes AlienVault’s chief scientist Jaime Blasco saying “Probably now they are trying to rush to gain access to certain targets where they can get a better understanding on what is going on in Washington after the election.”