How Trump Won? Don't Open E-Mails, Malware Hits Again

Last updated: July 5, 2023

How Donald Trump won the US presidential election is still a mystery to some. Did people actually vote him in as president, or did he hijack the election with the help of friends in Russia who hacked it?

Less than six hours after Donald Trump's victory in the 2016 US presidential election, a surge of opportunistic cyber attacks began targeting US policy think tanks with a spear-phishing campaign designed to lure recipients into installing malware, using subject lines such as 'The "shocking" truth about US election rigging' and similar.

The state-sponsored threat actor known by several monikers, APT29, CozyDuke, Cozy Bear and now 'The Dukes', was the culprit behind the data breach of the Democratic National Committee (DNC) and is alleged to have ties to the Russian government, according to US officials. Russia, for its part, rejected the allegations and demanded evidence. At the time, neither side had produced public proof.

On Wednesday, the day after the election, the group launched a broad post-election spear-phishing campaign against victims including US think tanks, NGOs and US government insiders, as documented by researchers at the security firm Volexity.

According to the researchers, the attackers used compromised e-mail accounts at Harvard's Faculty of Arts and Sciences (FAS) and launched the attack in five separate waves. The targets were individuals and organizations focused on international affairs, national security, defense, public policy, and European and Asian studies.

Two of the waves pretended to come from the Clinton Foundation offering insight into the election. Two purported to be eFax links or documents about the election being rigged or revised, and the last carried a link to a PDF titled 'Why American Elections Are Flawed.' The firm attributes all of these attacks to 'The Dukes.'


According to the researchers, the e-mails claimed to come from a Harvard 'PDF Mobile Service' or 'PFD Mobile Service', a service that does not exist at Harvard. The spelling varied from e-mail to e-mail, but the misspelled 'PFD' form matched the domain name the attackers had registered. That is the practical tell for recipients: a plausible-sounding service name in the display name, paired with a sending or link domain that is not the organization's real one.
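The combination described above, genuine but compromised sender accounts in some waves and a fabricated 'PFD' service name tied to an attacker-registered domain, is what mail triage should key on. The Python below is an added example for this page, not code from the article or from Volexity's report. It checks three things on a raw message: a display name that claims an organisation the sender domain does not belong to, a Reply-To that diverts replies elsewhere, and sender, Reply-To or link domains that either embed a trusted organisation's name or sit within two edits (including a pdf/pfd style transposition) of a trusted domain. The trusted-domain mapping, the `.example` domains and all four sample messages are constructed for the example; it goes slightly beyond the page's case by also catching plain typosquats such as a transposed letter in the sender domain.

```python
"""Header and link triage for spear-phishing that borrows a trusted
organisation's name. Added example for this page, not Volexity's tooling.
All sample messages below are constructed; the domains are placeholders."""
import re
import email
from email import policy
from email.utils import parseaddr

# Organisation keywords and the domains that may legitimately carry them.
# This mapping is an assumption for the example; a real deployment would
# load it from an allow-list of partner domains.
TRUSTED = {
    "harvard": {"harvard.edu"},
    "clintonfoundation": {"clintonfoundation.org"},
}
URL_RE = re.compile(r"https?://([^\s/:]+)", re.IGNORECASE)


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for .edu/.org/.example."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent
    transposition, so 'pfd' is one edit away from 'pdf'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_domain(host: str, role: str) -> list[str]:
    """Flag a domain that embeds a trusted name or typosquats a trusted domain."""
    reg = registrable(host)
    flat = re.sub(r"[^a-z0-9]", "", reg)
    out = []
    for keyword, good in TRUSTED.items():
        if reg in good:
            continue
        if keyword in flat:
            out.append(f"{role} domain {host!r} borrows '{keyword}' but is not {sorted(good)}")
        for g in good:
            if 0 < osa_distance(reg, g) <= 2:
                out.append(f"{role} domain {host!r} is a near-miss of {g!r}")
    return out


def triage(raw: str) -> list[str]:
    """Return human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []
    # 1. Display name claims an organisation the sender domain does not belong to.
    compact = re.sub(r"[^a-z]", "", display.lower())
    for keyword, good in TRUSTED.items():
        if keyword in compact and registrable(sender) not in good:
            findings.append(f"display name {display!r} claims '{keyword}' but sender is @{sender}")
    findings += check_domain(sender, "sender")
    # 2. Replies are routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_addr:
        reply = reply_addr.rsplit("@", 1)[-1]
        if registrable(reply) != registrable(sender):
            findings.append(f"Reply-To @{reply} differs from sender @{sender}")
        findings += check_domain(reply, "reply-to")
    # 3. Body links to lookalike domains: this is the check that still fires
    #    when the sending account is real but compromised.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for host in sorted(set(URL_RE.findall(text))):
        findings += check_domain(host, "link")
    return findings


# Constructed samples, not real campaign mail.
MAIL_COMPROMISED = """\
From: Harvard PFD Mobile Service <someone@harvard.edu>
To: analyst@thinktank.example
Subject: The "shocking" truth about US election rigging
Content-Type: text/plain; charset=utf-8

A document was shared with you: http://pfd-harvard.example/view/elections.pdf
"""
MAIL_LOOKALIKE = """\
From: Harvard PFD Mobile Service <noreply@pfd-harvard.example>
To: analyst@thinktank.example
Subject: Why American Elections Are Flawed
Content-Type: text/plain; charset=utf-8

Your document is ready: http://pfd-harvard.example/view/flawed.pdf
"""
MAIL_TYPOSQUAT = """\
From: Harvard Mail <noreply@harvrad.edu>
Reply-To: docs@pfd-harvard.example
To: analyst@thinktank.example
Subject: eFax: election audit revised
Content-Type: text/plain; charset=utf-8

See attachment.
"""
MAIL_LEGIT = """\
From: FAS Registrar <registrar@harvard.edu>
To: analyst@thinktank.example
Subject: Spring course catalogue
Content-Type: text/plain; charset=utf-8

Catalogue: https://www.harvard.edu/catalogue.pdf
"""

if __name__ == "__main__":
    for name, raw in [("compromised", MAIL_COMPROMISED), ("lookalike", MAIL_LOOKALIKE),
                      ("typosquat", MAIL_TYPOSQUAT), ("legit", MAIL_LEGIT)]:
        print(name, triage(raw))
```

The first sample reproduces the harder case on this page: the From address is a real account at the trusted domain, so only the link-domain check catches it. The `registrable()` helper is deliberately crude (last two labels); swap in a public-suffix library before relying on it for country-code TLDs.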

Volexity reports, “[The malware] had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels. The group’s anti-VM macros and PowerShell scripts appear to have drastically reduced the number of sandboxes and bots that the group has to deal with on their command and control infrastructure.”

Photo Credit: Volexity


About the Author

Peter Buttler is an infosec journalist and tech reporter and a member of the IDG Network. In 2011 he completed a Master's degree in cybersecurity and technology. He has worked as a staff writer for leading security and tech companies and currently contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Magazine, SC Magazine, Tripwire, GlobalSign and CSO Australia. His favourite areas are online privacy, AI, IoT, VR, blockchain, big data, ML and fintech. You can follow him on Twitter.
