Report: Russia suspected of hacker attacks on Washington think tanks
MOSCOW, Aug 30 (PRIME) -- A group of hackers allegedly backed by the Kremlin and calling themselves Cozy Bear, or APT29, targeted think tanks in Washington, D.C., in late August, online news agency Defense One reported late Monday.
Cozy Bear is one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitry Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks.
Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches and intruders were unable to exfiltrate any information, Alperovitch said.
Defense One reached out to several think tanks with programs in Russian research, one of which was the Center for Strategic and International Studies (CSIS). “Last week we were under attack, but our small staff was very responsive. Beyond that, I’m not going to discuss the details because it is under active investigation,” Andrew Schwartz, CSIS senior vice president for external relations, said in an email.
“It’s like a badge of honor – any respectable think tank has been hacked. The Russians just don’t get the idea of independent institutions, so they are looking for secret instructions from Obama. Another benefit is they can go to their bosses and show what they took to prove their worth as spies,” James Andrew Lewis, senior vice president and director, strategic technologies program, at CSIS said.
Alperovitch said the hackers could have been trying to access data and information from officials that serve on the boards of prominent Washington think tanks. “Many of these people are former government officials that still advise current government officials,” he said. The goal could have been “to look at their communications with government officials to see if they may have some plundered information that’s been shared with them, or use them as a way to target government.”
The other Russian hacking group that CrowdStrike and other cybersecurity researchers have said was behind the DNC hack is known as Fancy Bear, or APT28, which many in the cybersecurity community believe to be connected to the Russian military.
Researchers also suspect Fancy Bear to be behind the leaking of DNC documents to WikiLeaks.
Importantly, while Fancy Bear breached the DNC in April of this year, CrowdStrike’s research shows that Cozy Bear was on the network far longer, going back to the summer of 2015, potentially allowing them to access exponentially more information. Researchers consider them one of the most advanced persistent threat groups currently in operation.