How Donald Trump won the US presidential election is still a mystery to some. Did voters actually elect him, or did he win with help from friends in Russia who hacked the election?
Less than six hours after Donald Trump won the 2016 election for the 45th US President, a surge of opportunistic spear-phishing e-mails targeted US policy think tanks, trying to lure recipients into installing malware with subject lines such as 'The "shocking" truth about US election rigging' and similar.
The state-sponsored threat actor known by several monikers, including APT29, CozyDuke, Cozy Bear and 'The Dukes', was behind the breach of the Democratic National Committee (DNC) and, according to US officials, is alleged to have ties to the Russian government. Russia, for its part, rejected the allegations and demanded proof. Neither side, however, has made evidence public.
On Wednesday, the day after the election, the group launched a wide spear-phishing campaign against US think tanks, NGOs and US government insiders, according to researchers at the security firm Volexity.
According to the researchers, the attackers sent the e-mails from compromised accounts at Harvard's Faculty of Arts and Sciences (FAS) and ran the campaign in five distinct waves. The targets were individuals and organizations focused on international affairs, national security, defense, public policy, and European and Asian studies.
Two of the waves pretended to come from the Clinton Foundation and promised insights on the election. Two purported to be eFax links or documents claiming the election was rigged or that its outcome could be revised, and the last carried a link to a PDF titled 'Why American Elections Are Flawed'. The firm attributes all of these waves to 'The Dukes'.
According to the researchers, the e-mails claimed to come from Harvard's 'PDF Mobile Service', sometimes misspelled 'PFD Mobile Service'; no such service exists at Harvard. The typo appeared inconsistently across the e-mails, but it matched the domain name the attackers had registered, which is the kind of detail that ties the different waves to the same infrastructure and, for a recipient, is the first sign that the sender is not who the display name says.
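The lure described above, a display name borrowing an institution's brand while the sender address sits on a look-alike domain, is something a mail gateway or triage script can check mechanically. The following is an added example written for this page, not Volexity's code or a published detection: the allowed domain list, the brand words and the two sample messages (including the invented `pfd-mobile.example` domain) are assumptions. It flags a From: header whose display name claims a brand the sender domain does not own, a domain label one edit (including a transposition such as PFD for PDF) away from a brand word, and a Reply-To that diverts replies elsewhere.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for the example: the impersonated institution mails only from
# these domains, and its lures reuse the brand words below.
LEGIT_DOMAIN_SUFFIXES = ("harvard.edu",)
BRAND_TOKENS = ("harvard", "pdf", "clinton", "efax")


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment edit distance: a substitution, insertion, deletion
    or adjacent transposition each cost 1, so 'pfd' vs 'pdf' scores 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def is_legit_domain(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in LEGIT_DOMAIN_SUFFIXES)


def triage_sender(raw_message: str) -> list[str]:
    """Return the reasons the From: header looks like a lure; an empty list means clean."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["missing or unparsable From: address"]
    if is_legit_domain(domain):
        return []
    reasons = []
    name_l = display_name.lower()
    # 1. The display name borrows the brand but the sender domain is not the brand's.
    claimed = [t for t in BRAND_TOKENS if t in name_l]
    if claimed:
        reasons.append(f"display name {display_name!r} claims {claimed} but sender domain is {domain}")
    # 2. A label of the sender domain is one edit away from a brand word (typo-squat).
    for label in re.split(r"[.\-]", domain):
        for tok in BRAND_TOKENS:
            if label != tok and osa_distance(label, tok) == 1:
                reasons.append(f"domain label {label!r} is one edit from brand word {tok!r}")
    # 3. Reply-To steers answers to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return reasons


# Constructed sample messages; every domain here is invented for the example.
LURE = """From: Harvard PFD Mobile Service <noreply@pfd-mobile.example>
Reply-To: Harvard PFD Mobile Service <docs@pfd-mobile.example>
To: fellow@thinktank.example
Subject: Why American Elections Are Flawed

"""

LEGIT = """From: FAS Document Service <noreply@fas.harvard.edu>
To: fellow@thinktank.example
Subject: Your scanned document

"""

if __name__ == "__main__":
    for label, m in (("lure", LURE), ("legit", LEGIT)):
        print(label, triage_sender(m) or "clean")
```

The constructed lure trips two checks (brand in the display name, `pfd` one transposition from `pdf`); the legitimate message is short-circuited by the domain allow-list before any heuristic runs, which keeps false positives on real institutional mail out of the queue.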
Volexity reports, “[The malware] had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels. The group’s anti-VM macros and PowerShell scripts appear to have drastically reduced the number of sandboxes and bots that the group has to deal with on their command and control infrastructure.”
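The evasion the report describes, macros that look for a virtual machine or a sparse analysis box before launching PowerShell, leaves recognisable traces in the macro source. The following is an added example for this page, not Volexity's tooling and not the campaign's real macro: the indicator patterns are the editor's general heuristics, and the two macro texts are constructed (the base64 in the sample decodes to the harmless word "Start"). It assumes the VBA source has already been extracted from the document (for instance with oletools' olevba) and scores it by pairing evasion checks with an execution primitive.

```python
import re

# Editor's generic heuristics for evasion and execution in Office macros;
# these are assumptions for illustration, not indicators published for this campaign.
INDICATORS = {
    "auto_exec": [r"\b(AutoOpen|AutoExec|Document_Open|Workbook_Open)\b"],
    "anti_vm": [
        r"Win32_ComputerSystem",                          # WMI query for hardware vendor/model
        r"\b(VMware|VirtualBox|VBox|QEMU|Xen|Hyper-V)\b", # hypervisor vendor strings
    ],
    "anti_sandbox": [
        r"RecentFiles\.Count",                            # few recent docs = fresh analysis VM
        r"Win32_Process",                                 # counting running processes
        r"Environ\(\s*\"USERNAME\"\s*\)",                 # analyst or sandbox user names
    ],
    "execution": [
        r"\bShell\b|WScript\.Shell|CreateObject\(",
        r"powershell",
    ],
    "obfuscated_payload": [
        r"-(enc|encodedcommand|e)\s+[A-Za-z0-9+/=]{8,}",  # base64 -EncodedCommand
        r"-w(indowstyle)?\s+hidden",                      # hidden console window
    ],
}


def scan_macro(vba_source: str) -> dict[str, list[str]]:
    """Map each indicator category to the snippets it matched; categories with no hit are omitted."""
    hits: dict[str, list[str]] = {}
    for category, patterns in INDICATORS.items():
        found = [m.group(0) for pat in patterns
                 for m in re.finditer(pat, vba_source, re.IGNORECASE)]
        if found:
            hits[category] = found
    return hits


def verdict(vba_source: str) -> str:
    """'suspicious' when an evasion check is paired with an execution primitive,
    'review' when only some indicators fire, 'clean' when none do."""
    hits = scan_macro(vba_source)
    evasive = "anti_vm" in hits or "anti_sandbox" in hits
    if evasive and "execution" in hits:
        return "suspicious"
    return "review" if hits else "clean"


# Constructed macro text in the style the quoted report describes; not the real sample.
SAMPLE_MACRO = r'''
Sub AutoOpen()
    Dim wmi, items, item
    Set wmi = GetObject("winmgmts:\\.\root\cimv2")
    Set items = wmi.ExecQuery("SELECT * FROM Win32_ComputerSystem")
    For Each item In items
        If InStr(item.Manufacturer, "VMware") > 0 Then Exit Sub
    Next
    If Application.RecentFiles.Count < 3 Then Exit Sub
    Shell "powershell -nop -w hidden -enc UwB0AGEAcgB0AA==", 0
End Sub
'''

# Constructed benign macro for comparison.
BENIGN_MACRO = r'''
Sub FormatReport()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_MACRO), ("benign", BENIGN_MACRO)):
        print(name, verdict(src), scan_macro(src))
```

The pairing rule matters more than any single pattern: a WMI hardware query alone is common in inventory macros, but a hardware or recent-files check that gates a hidden, base64-encoded PowerShell launch is exactly the behaviour the report says kept the malware out of sandboxes.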
Photo Credit: Volexity
About the Author
Peter Buttler is an infosec journalist and tech reporter and a member of the IDG Network. In 2011 he completed a Master's in cybersecurity and technology. He has worked for leading security and tech companies as a staff writer and currently contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Magazine, SC Magazine, Tripwire, GlobalSign and CSO Australia. His favorite areas are online privacy, AI, IoT, VR, blockchain, big data, ML and fintech. You can follow him on Twitter.