Security firm Volexity believes the emails come from the same Russians accused of hacking the DNC.
Now that the election is over, the Russian teams of hackers suspected of breaking into the Democratic Party’s systems have reportedly launched a new phishing attack on US political think tanks and non-government organizations. Incident response firm Volexity has compiled information on “The Dukes” (aka APT29 or Cozy Bear) that it believes are behind the attacks. This time around, they worked by posing as a Harvard professor, sending links to Microsoft Office Word or Excel documents that contained a macro used to install a malware downloader on that target’s computer. Once installed, it downloads a PNG file that has a backdoor embedded via steganography.
Continue reading “After the election, hackers target think tanks with phishing attacks”