Nov 19, 2018

FireEye releases new details on hackers posing as State Dept. official

Photo: Alastair Grant/AFP via Getty Images

FireEye announced last week that a cyber attack that looked like it could have come from the Russian hackers "Cozy Bear" may have impersonated a State Department official in a new phishing campaign.

The big picture: FireEye was careful to say last week that it was not ready to formally accuse Russia of the attack. It still isn't. But the security firm posted more information about the attack on Monday, which has helped to fill in some blanks.

What they're saying: "We were shocked to see people saying this was definitely from Russia - we have material information we aren't releasing, and we're not sure yet. This is us showing our work," said Nick Carr, senior manager of adversary methods at FireEye.

Why it matters: Cozy Bear, and all spy groups, regularly use phishing scams to breach targets. While the recent operation was nothing too far afield of other attacks, it is jarring to see such a brazen choice of cover identity.

The backdrop: The Cozy Bear hackers are the less talked about, more covert of the two Russian "bears" that attacked the Democratic National Committee in 2016. The hackers ceased activity soon after the election, and may not have resurfaced until now, if at all.

  • FireEye has noted the long gap in appearances as a reason the phishing emails might not have come from Cozy Bear.

Details: In the most recent attack, the hackers targeted a broad cross section of industries, including "think tanks, law enforcement, media, U.S. military, imagery, transportation, pharmaceuticals, national government, and defense contracting." That information was announced last week.

  • The targets significantly overlap with an attack on the firm Volexity, which was more definitively attributed to Cozy Bear in November.
  • If a victim opened the document attached to the phishing email, they would see a form labeled "TRAINING/INTERNSHIP PLACEMENT PLAN."
  • That document was laced with computer code that gave the hackers a foothold on the victim's system.

The malware the hackers used included the widely available Cobalt Strike, so it's likely antivirus programs could catch this attack in progress.

  • But don't count on that, researchers at FireEye said: Cozy Bear sometimes uses easy-to-catch attacks as a smokescreen for more covert ones.
