Russian hacking group 'Cozy Bear' likely responsible for phishing campaign, US security firm says
Source: The Hill
BY JACQUELINE THOMSEN - 11/19/18 05:00 PM EST
A U.S. security firm on Monday said a Russian hacker group is likely responsible for a phishing campaign that used emails to impersonate a State Department employee.
FireEye researchers tied the spear phishing campaign to APT29, a group often referred to as Cozy Bear. The hackers were targeting U.S. think tanks, military, federal government and law enforcement, among other sectors, the security firm said in a blog post.
Monday's finding comes just days after FireEye and another U.S. cybersecurity firm, CrowdStrike, publicly confirmed the phishing campaign. The companies did not attribute the actions to the hacking group at the time, but noted similarities to previous activity by Cozy Bear.
FireEye said the hacking group created emails that gave the impression of coming from a State Department public affairs official who was trying to share an official document. The attached document included links and a file hosted on a domain that was likely compromised, FireEye said.
Read more: https://thehill.com/policy/cybersecurity/417499-security-firm-attributes-phishing-campaign-to-russian-hacking-group
Botany
(70,524 posts)
We executed 2 people for selling out this country to Russia (Soviet Union) in the 1950s. The Russians needed help on the inside and boy did they get it.
And Cozy Bear is from the Russian FSB which works for Putin.
Yo_Mama_Been_Loggin
(108,071 posts)
Initech
(100,087 posts)
lagomorph777
(30,613 posts)
BumRushDaShow
(129,165 posts)
reACTIONary
(5,770 posts)
... investigate the attack based on some aspect of it. Different names come up because at first no one knows who is behind the attack. For instance, Cozy Bear is also called Office Monkey because one attack used a Flash graphic of monkeys jumping around an office.
Cozy Bear used a Trojan named CozyCar, which is where the "Cozy" comes from. I think the "Bear" refers to the Russian affiliation.
The official name for this group is APT29, which stands for Advanced Persistent Threat number 29. An advanced persistent threat is generally a state-sponsored organization with a virtually unlimited budget and truly world-class technical expertise. On the order of our NSA.
Initech
(100,087 posts)
I was going to say if you're a hacker collective who is going to take down governments, you should at least come up with a more threatening name. Cozy Bear conjures up the image of like the Charmin Bears or Yogi Bear, not like grizzlies.
reACTIONary
(5,770 posts)
... APTs are government intelligence entities and do not have any public posture at all, like NSA, "No Such Agency."
I found out more about the cozy bear nickname
Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."
https://www.esquire.com/news-politics/a49902/the-russian-emigre-leading-the-fight-to-protect-america/