American security firm Volexity has reported a series of targeted spear phishing attacks that hit several institutions only hours after Donald J. Trump was declared the 45th President of the United States.
An advanced persistent threat (APT) group of Russian hackers launched an offensive against prominent think tanks and non-governmental organizations (NGOs) using fake Gmail profiles and hacked accounts from Harvard’s Faculty of Arts and Sciences (FAS).
Volexity registered five different instances (or waves) of spear phishing attacks. The hacking efforts targeted many institutions and individuals from fields such as national security, public policy, and even European and Asian studies.
This wave of attacks follows a hacking scandal that occurred during the election process and affected the Democratic candidate, Hillary Clinton. There is no current indication that these attacks target or support President-elect Donald Trump.
What is a ‘spear phishing’ hack?
Phishing is a hacking technique that consists of posing as an official institution or company that somehow relates to the targeted user, for example a no-reply address from their email provider or bank.
Hackers use phishing schemes to try to get users to reveal personal information such as passwords, credit card details, and more. They later use this information to access the user’s data and proceed to other illegal activities, such as blackmail.
Spear phishing differs from regular phishing in that it is more personal, with hackers going as far as pretending to be an individual the user knows personally, such as a family member, which makes spear phishing especially dangerous.
Who was targeted by these phishing attacks?
Hackers carried out the attacks using emails that purported to come from the Clinton Foundation, containing post-mortem information about the voting outcome, attached files relating to the electoral system, and a possible contest of the election results.
Volexity does not disclose exactly which companies or individuals received these emails, nor does it give examples of who was most likely to be affected. “Think tank” is an informal term for a research institute or a recognized group of experts on a certain topic.
The same goes for NGOs, institutions (which are often think tanks) and foundations that deal with public policy and political events but are not in any way sponsored or funded by the government, hence the name.
The perpetrators are a Russian hacking group known as ‘The Dukes’
The Dukes have been in Volexity’s scope since last August. The company ties them to a previous attack on the Democratic National Committee (DNC), and to another wave of think-tank and NGO infiltrations that occurred that month.
The perpetrators use several types of lure files, mostly Microsoft Office documents such as Word documents and Excel sheets. They also use PDF files and eFax documents, all designed to deceive users into downloading a file.
Once opened, the files execute a command that automatically initiates the download of malware, which is then installed on the victim’s system. The hackers have dubbed this phishing scheme ‘PowerDuke,’ and they have been using it in most of their campaigns.