
FireEye announced last week that a cyber attack that looked like it could have come from the Russian hackers "Cozy Bear" may have impersonated a State Department official in a new phishing campaign.

The big picture: FireEye was careful to say last week that it was not ready to formally accuse Russia of the attack. It still isn't. But the security firm posted more information about the attack on Monday which has helped to fill in some blanks.

What they're saying: "We were shocked to see people saying this was definitely from Russia - we have material information we aren't releasing, and we're not sure yet. This is us showing our work," said Nick Carr, senior manager of adversary methods at FireEye.

Why it matters: Cozy Bear, and all spy groups, regularly use phishing scams to breach targets. While the recent operation was nothing too far afield of other attacks, it is jarring to see such a brazen choice of cover identity.

The backdrop: The Cozy Bear hackers are the less talked about, more covert of the two Russian "bears" that attacked the Democratic National Committee in 2016. The hackers ceased activity soon after the election, and may not have resurfaced until now, if at all.

  • FireEye has noted the long gap in appearances as a reason the phishing emails might not have come from Cozy Bear.

Details: In the most recent attack, the hackers targeted a broad cross section of industries, including "think tanks, law enforcement, media, U.S. military, imagery, transportation, pharmaceuticals, national government, and defense contracting." That information was announced last week.

  • The targets significantly overlap with an attack on the firm Volexity, which was more definitively attributed to Cozy Bear in November.
  • If a victim clicked on the document included in the phishing email, a form labeled "TRAINING/INTERNSHIP PLACEMENT PLAN" would be found.
  • That document was laced with computer code giving the hackers a foothold on that system.

The malware the hackers used included the widely available Cobalt Strike, so it's likely antivirus programs could catch this attack in progress.

  • But don't count on that, researchers at FireEye said: Cozy Bear sometimes uses easy-to-catch attacks as a smokescreen for more covert ones.
