|
“In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns,” according to a report from the Washington, D.C.-based cyber incident response firm Volexity.
— Five different attack waves were detected with a heavy focus on U.S.-based think tanks and non-governmental organizations (NGOs). These e-mails came from a mix of attacker created Google Gmail accounts and what appears to be compromised e-mail accounts at Harvard’s Faculty of Arts and Sciences (FAS).
— The emails were sent in large quantities to different individuals across many organizations and individuals focusing on national security, defense, international affairs, public policy, and European and Asian studies.
— Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis of the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged.
— The last attack claimed to be a link to a PDF download on “Why American Elections Are Flawed.”
According to Volexity, a group it refers to as The Dukes (also known as APT29 or Cozy Bear) is responsible for post-election attack activity. “The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels.”
Sponsored byRadix
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byWhoisXML API
Thank you for your article! We don’t know if it was the Dukes. But what we know is that the Phishing e-mails look the same as our own best practice DIY phishing simulation templates which we provide together with LUCY Server! Obviously the cyber criminals are using best practices too: Our customers and partners say that the eFax Attack is a scenario with a high penetration rate! See our article on http://www.lucysecurity.com/phishing-cozy-bear-post-election-simulation/