Russia has once again been accused of backing hackers who this time allegedly penetrated several Washington think tanks that offer policy analysis to US lawmakers. The new accusations come as the FBI investigates an attack on the Democratic Party.
Just as with the Democratic National Committee (DNC) hack, for which no direct link to Moscow was substantiated, cybersecurity company CrowdStrike has now blamed the new intrusion on Russian government-backed hackers.
In an interview with Defense One, founder of CrowdStrike, Dmitri Alperovitch, blamed a group called COZY BEAR, or APT29, allegedly linked to the DNC hack, for breaking into the think tanks’ servers.
The “highly targeted operation” that reportedly happened last week, according to Alperovitch, targeted “fewer than five organizations and 10 staffers researching Russia,” the publication reports. In making the announcement, the head of the security firm failed to disclose any details of the attack or the hackers’ victims.
The lack of concrete proof was sidestepped, with the focus placed instead on concern for the victims’ interests.
“Many of these people are former government officials that still advise current government officials,” Alperovitch told Defense One. The aim of the hack, the expert speculated, had been “to look at their communications with government officials to see if they may have some plundered information that’s been shared with them, or use them as a way to target government.”
Alperovitch said that those who were hacked were notified right away after the security company discovered suspicious activity using CrowdStrike’s Falcon cybersecurity software, which allows the security firm to monitor its clients’ networks for intrusions.
In the latest case, the hackers lured victims into opening emails by spoofing messages from known think tanks and geopolitical consultancy groups. After the victim opened an email with a link to a bad domain, the target’s machine downloaded a remote access tool (RAT). That allowed the intruders to hack into the system.
“Think of it as a video camera that’s recording everything that’s executing. You open up Word, you open up Outlook and another process launches a network connection, which gets recorded and gets streamed to our cloud where we do machine learning and behavioral analytics on that… That’s exactly what happened here. We picked up that there was a spearphish and immediately an alert went out. Our people contacted [the clients] and said okay, this is pretty serious, you need to contain this machine right away,” Alperovitch said.
According to Alperovitch, the COZY BEAR group, which is being accused of a series of attacks against the US Democrats, has managed to perfect its hacking skills, “improving its ability to operate without detection and scaling up further its ability to move rapidly within a network after initial compromise.”
Russia has denied all accusations voiced by the Hillary Clinton camp, US politicians and cybersecurity experts.
“President Putin on several occasions said that Russia never interferes in external policy and elections in other countries,” Kremlin spokesman Dmitry Peskov was quoted as saying. “Moscow avoids any actions or words that could be considered as an intervention in the electoral process.”
Some 20,000 DNC emails were made public by WikiLeaks on July 22, revealing a close working relationship between the party and some mainstream media figures, as well as collusion with the Hillary Clinton campaign to sideline Bernie Sanders, her challenger for the presidential nomination.
The DNC replaced Chairwoman Debbie Wasserman Schultz on the eve of the party’s convention in Philadelphia – she immediately got a post with the Clinton campaign – and fired back with accusations that Russia had been behind the hack and the leaks, accusing Moscow of backing Republican nominee Donald Trump.
US media picked up the accusations, reporting them under headlines such as “Russian Intelligence Hacked DNC Emails” (NBC), “Suspected Russian hack of DNC widens” (Yahoo News), and “All Signs Point to Russia Being Behind the DNC Hack” (VICE News).
In reality, actual evidence was nowhere to be found. Instead, reporters relied on insinuations such as a widespread agreement among cybersecurity experts and professionals that Russia was somehow responsible. Other so-called experts saw Russian involvement indicated by the fact that WikiLeaks founder Julian Assange’s show had been aired on RT back in 2012.
In relation to the latest alleged breach, Defense One contacted several think tanks, most of which wrote back to say that they had not been targeted.
The report of the think tanks’ breach comes the same day as the FBI announced the discovery of evidence that “foreign” hackers penetrated two state election databases in recent weeks.
The latest hysteria surrounding the so-called Russian trail has been compared by experts to the recent witch-hunt on Chinese hackers that the US initiated a few years back before Washington switched to “demonizing Russia.”
“What is going on is largely propaganda warfare. They have made Vladimir Putin – they have demonized him. They are attacking Russia for everything,” William Jones, the Washington Bureau Chief for Executive Intelligence Review, told RT. “Just today Russia is the target of it, tomorrow it will be China, and then they’ll go back to Russia.”