“In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns,” according to a report from the Washington, D.C.-based cyber incident response firm Volexity.

— Five different attack waves were detected with a heavy focus on U.S.-based think tanks and non-governmental organizations (NGOs). These e-mails came from a mix of attacker created Google Gmail accounts and what appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS).

— The emails were sent in large quantities to different individuals across many organizations and individuals focusing on national security, defense, international affairs, public policy, and European and Asian studies.

— Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis of the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged.

— The last attack claimed to be a link to a PDF download on “Why American Elections Are Flawed.”

According to Volexity, a group it refers to as The Dukes (also known as APT29 or Cozy Bear) is responsible for post-election attack activity. “The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels.”