Nov 16, 2018 - World

Cozy Bear hackers may be impersonating State Department

Joe Uchill

U.S. State Department seal — Photo: Mandel Ngan/AFP/Getty Images

Cozy Bear, hackers who the U.S. and other governments believe to be Russian intelligence, appears to be impersonating the State Department in a new hacking campaign that's been observed attacking several sectors. FireEye, a cybersecurity company, first made the announcement on Twitter.

The big picture: It's nothing new for Cozy Bear to impersonate government officials, or anyone else who could lure people into downloading a file. That doesn't make it less aggressive — or less dangerous — for them to use the State Department to accomplish their goal.

FireEye is not making a firm attribution to Cozy Bear at this time. It's just saying the attacks show similarities to Cozy Bear's toolkit and techniques.

The targets spanned different sectors: defense, law enforcement, local government, media, pharmaceuticals, think tanks, transportation and the public sector. They appear to be the same or similar targets to a 2016 campaign associated with Cozy Bear.

What they're saying: "FireEye is continuing to investigate the true intention of the campaign," said Nick Carr, senior manager of adversary methods at FireEye.

Editor's note: The headline and story have been corrected to show that the Russian hacking group in question is Cozy Bear (not Fancy Bear).

Add Axios on Google

Cozy Bear hackers may be impersonating State Department

What to read next