American political think tanks and NGOs were targeted by a well-known hacking group called The Dukes.
Russian hackers wasted no time this week, attacking American political think tanks and non-government organizations (NGOs) on Wednesday.
A round of targeted phishing campaigns (attempts to obtain sensitive information by pretending to be a trustworthy entity) came less than six hours after Donald Trump was named President-elect of the US.
According to cyber incident response firm Volexity, the hackers belong to a Russian gang best known for infiltrating computer networks at the Democratic National Committee and the Democratic Congressional Campaign Committee.
The group—often referred to as APT29, Cozy Bear, or The Dukes—began targeting research organizations and NGOs in July 2015.
“This represented a fairly significant shift in the group’s previous operations and one that continued in the lead-up to and immediately after the 2016 United States Presidential election,” Volexity founder Steven Adair wrote in a blog post.
In August, The Dukes launched several waves of highly targeted spear-phishing attacks, sending spoofed email messages to specific individuals at US-based organizations in order to deliver a backdoor dubbed PowerDuke.
The same malware, which gives the attackers the ability to inspect and remotely control an infected system, was used again in this week's post-election intrusions.
As reported by Volexity, two of the attacks purported to be messages forwarded from the Clinton Foundation, two posed as eFax links or documents regarding rigged election results, and the last claimed to be a link to a PDF download on “Why American Elections Are Flawed.”
Last month, federal officials said they are "confident" that the Russian government is behind the recent attacks on US political organizations, such as the DNC. Russian President Vladimir Putin has denied any involvement in the hacks.
“The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels,” Adair wrote on Wednesday. “Volexity believes that The Dukes are likely working to gain long-term access into think tanks and NGOs and will continue to launch new attacks for the foreseeable future.”