U.S. cybersecurity experts claim that a group of hackers associated with the Russian government (APT29) is impersonating U.S. State Department employees in an operation aimed at infecting the computers of U.S. government agencies, businesses, and think tanks, according to a Reuters report.
After detecting a wave of malicious attacks, two research firms, CrowdStrike and FireEye, confirmed that the attacks were caused by “Cozy Bear,” an advanced persistent threat group previously linked to the hack of the 2016 U.S. presidential elections.
The two firms recently became aware of bogus emails purporting to originate from State Department public affairs official Susan Stevenson.
The new phishing scam encouraged customers to download documents that claimed to have been sent from Heather Nauert, the leading candidate to become the next U.S. ambassador to the United Nations.
If installed, the documents can grant the attackers access to every corner of the victim's operating system, according to the report.
The report also states that more than 20 FireEye customers were targeted, including military agencies, law enforcement, defence contractors, media companies, and pharmaceutical companies.
Neither firm disclosed how many companies were affected, nor did either identify any specific targets involved in the incident.
Moscow-based cybersecurity firm Kaspersky Lab confirmed that the hacking involved APT29, although the group had not been active since last year, according to the report.