Nov 19, 2018

FireEye releases new details on hackers posing as State Dept. official

Photo: Alastair Grant/AFP via Getty Images

FireEye said last week that a new phishing campaign, which looked like it could have come from the Russian hacking group known as "Cozy Bear," impersonated a State Department official.

The big picture: FireEye was careful to say last week that it was not ready to formally accuse Russia of the attack. It still isn't. But on Monday the security firm published more information about the campaign, which fills in some of the blanks.

What they're saying: "We were shocked to see people saying this was definitely from Russia - we have material information we aren't releasing, and we're not sure yet. This is us showing our work," said Nick Carr, senior manager of adversary methods at FireEye.

Why it matters: Cozy Bear, like every espionage group, relies on phishing to breach targets. The recent operation is not far afield of earlier attacks, but such a brazen choice of cover identity is jarring.

The backdrop: Cozy Bear is the less discussed, more covert of the two Russian "bears" that breached the Democratic National Committee in 2016. The group went quiet soon after the election and had not clearly resurfaced since; if this campaign is its work, it marks the first reappearance.

  • FireEye has noted the long gap in appearances as a reason the phishing emails might not have come from Cozy Bear.

Details: In the most recent campaign, the hackers targeted a broad cross section of industries, including "think tanks, law enforcement, media, U.S. military, imagery, transportation, pharmaceuticals, national government, and defense contracting." That information was announced last week.

  • The targets significantly overlap with the post-election phishing campaign that the security firm Volexity reported in November 2016, which was more definitively attributed to Cozy Bear.
  • A victim who opened the document included in the phishing email was shown a decoy form labeled "TRAINING/INTERNSHIP PLACEMENT PLAN."
  • That document was laced with code that gave the hackers a foothold on the victim's system.

The malware the hackers used included Cobalt Strike, a commercial penetration-testing toolkit that is widely available and widely used by red teams and criminals alike, so its default payloads are familiar to antivirus vendors and there is a fair chance antivirus software could catch this attack in progress.

  • But don't count on it, FireEye researchers said: Cozy Bear sometimes uses easy-to-catch tooling as a smokescreen for more covert operations.
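As an added illustration, not part of the Axios article or of FireEye's report, here is the kind of sender check a mail gateway can apply to a lure of this shape: a display name that claims a State Department affiliation while the actual sender address sits on an unrelated or lookalike domain. The sample messages, the protected-domain list and the affiliation phrases are all constructed for this example; none of them is an indicator from the campaign described above.

```python
import email
from email.utils import parseaddr

# Assumed configuration: domains whose identity we protect, mapped to phrases a
# lure would use in the display name to claim affiliation. Constructed for this example.
PROTECTED_DOMAINS = {
    "state.gov": ("department of state", "state department", "state dept"),
}

# Constructed sample messages (not real campaign emails).
LURE_EMAIL = """From: "Public Affairs Office, U.S. Department of State" <press.office@example-mail.net>
To: analyst@example.org
Subject: Training/Internship Placement Plan

Please review the attached form.
"""

LEGIT_EMAIL = """From: "Bureau of Public Affairs, U.S. Department of State" <pa@state.gov>
To: analyst@example.org
Subject: Press briefing schedule

Schedule attached.
"""

LOOKALIKE_EMAIL = """From: "Press Office" <press@state-gov.net>
Reply-To: press@state-gov.net
To: analyst@example.org
Subject: Updated form

See attachment.
"""


def sender_domain(header_value):
    """Return the lowercase domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_subdomain_of(domain, parent):
    """True for the domain itself and any of its subdomains (mail.state.gov)."""
    return domain == parent or domain.endswith("." + parent)


def looks_like(domain, parent):
    """Crude lookalike test: same letters once separators are dropped (state-gov.net vs state.gov)."""
    squash = lambda d: "".join(ch for ch in d if ch.isalnum())
    return squash(domain).startswith(squash(parent)) and not is_subdomain_of(domain, parent)


def check_impersonation(raw_message, protected=PROTECTED_DOMAINS):
    """Return a list of (rule, detail) findings for sender impersonation of a protected domain."""
    msg = email.message_from_string(raw_message)
    display, _ = parseaddr(msg["From"] or "")
    from_dom = sender_domain(msg["From"])
    reply_dom = sender_domain(msg["Reply-To"])
    findings = []
    for legit, phrases in protected.items():
        claims = [p for p in phrases if p in display.lower()]
        # Display name claims the protected organisation, address does not belong to it.
        if claims and not is_subdomain_of(from_dom, legit):
            findings.append(("display_name_impersonation",
                             f"'{display}' claims {legit} but From domain is {from_dom or '(none)'}"))
        # Sender domain is a typosquat / separator variant of the protected domain.
        if from_dom and looks_like(from_dom, legit):
            findings.append(("lookalike_domain", f"From domain {from_dom} resembles {legit}"))
        # Genuine-looking From, but replies are steered to an outside domain.
        if reply_dom and is_subdomain_of(from_dom, legit) and not is_subdomain_of(reply_dom, legit):
            findings.append(("reply_to_mismatch", f"From is {from_dom} but Reply-To is {reply_dom}"))
    return findings


if __name__ == "__main__":
    for name, sample in (("lure", LURE_EMAIL), ("legit", LEGIT_EMAIL), ("lookalike", LOOKALIKE_EMAIL)):
        print(name, check_impersonation(sample) or "clean")
```

This catches the cover-identity trick, not the payload: a message that passes these checks can still carry a malicious attachment, and a sender who controls a compromised state.gov mailbox passes them entirely, which is why such a rule belongs alongside attachment sandboxing and endpoint detection rather than in place of them.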
