The hackers are probably a group linked to Russian intelligence services, according to research by FireEye Inc. and CrowdStrike Inc. published Monday in a blog post by FireEye. There’s no evidence that Nauert, Stevenson or the State Department were hacked, said Nick Carr, a senior manager at FireEye.
Targets at dozens of organizations received an email with a subject line stating that Stevenson had shared a drive with them. The email contained a download, labeled as a personal drive belonging to Nauert, that was actually malware that would load onto victims’ computers if they clicked on it, according to the blog post.
The hackers may have used Nauert’s and Stevenson’s names in order to raise doubts about the security of their accounts. In fact, rumors to that effect have spread on social media, Carr said.
The attack probably originated with the Russian intelligence-linked group known variously as APT29 and Cozy Bear. The firms aren’t certain of the attribution but elements of the attack including its scope, targets and tactics were similar to the group’s previous activity. The same group infamously hacked into the Democratic National Committee during a broader Russian effort to assist Donald Trump’s campaign during the 2016 election.
In this case, the hackers were probably trying to obtain intelligence, the firms said. The number of people who clicked on the malware is unknown.
©2018 Bloomberg News. Distributed by Tribune Content Agency, LLC.
