
DonViejo

(60,536 posts)
Mon Nov 19, 2018, 06:09 PM

Russian hacking group 'Cozy Bear' likely responsible for phishing campaign, US security firm says

Source: The Hill



BY JACQUELINE THOMSEN - 11/19/18 05:00 PM EST

A U.S. security firm on Monday said a Russian hacker group is likely responsible for a phishing campaign that used emails to impersonate a State Department employee.

FireEye researchers tied the spear phishing campaign to APT29, a group often referred to as “Cozy Bear.” The hackers were targeting U.S. think tanks, military, federal government and law enforcement, among other sectors, the security firm said in a blog post.

Monday's finding comes just days after FireEye and another U.S. cybersecurity firm, CrowdStrike, publicly confirmed the phishing campaign. The companies did not attribute the actions to the hacking group at the time, but noted similarities to previous activity by Cozy Bear.

FireEye said the hacking group created emails that gave the impression of coming from a State Department public affairs official who was trying to share an official document. The attached document included links and a file hosted on a domain that was likely compromised, FireEye said.



Read more: https://thehill.com/policy/cybersecurity/417499-security-firm-attributes-phishing-campaign-to-russian-hacking-group

Russian hacking group 'Cozy Bear' likely responsible for phishing campaign, US security firm says (Original Post) DonViejo Nov 2018 OP
What about the 300 lbs man sitting on his bed in New Jersey? Botany Nov 2018 #1
When did Trump move across the river? Yo_Mama_Been_Loggin Nov 2018 #5
Wow, that might be the lamest name for a hacker group ever. Initech Nov 2018 #2
:D C Moon Nov 2018 #3
Cozy Bear is the group that hacked Podesta's email account in 2016. lagomorph777 Nov 2018 #4
Fancy Bear was supposedly the main culprit against Podesta although Cozy Bear was involved too BumRushDaShow Nov 2018 #6
The names are given by the security firms that .... reACTIONary Nov 2018 #7
Oh so they didn't choose it then. Initech Nov 2018 #8
That's right.... reACTIONary Nov 2018 #9

Botany

(70,524 posts)
1. What about the 300 lbs man sitting on his bed in New Jersey?
Mon Nov 19, 2018, 06:14 PM


We executed 2 people for selling out this country to Russia (Soviet Union) in the 1950s. The Russians needed help on the inside and boy did they get it.

And Cozy Bear is from the Russian FSB which works for Putin.

reACTIONary

(5,770 posts)
7. The names are given by the security firms that ....
Mon Nov 19, 2018, 08:34 PM

... investigate the attack based on some aspect of it. Different names come up because at first no one knows who is behind the attack. For instance, Cozy Bear is also called Office Monkey because one attack used a flash graphic of monkeys jumping around an office.

Cozy Bear used a Trojan named CozyCar, which is where the cozy comes from. I think the bear refers to the Russian affiliation.

The official name for this group is APT29, which stands for advanced persistent threat number 29. An advanced persistent threat is generally a state-sponsored organization with a virtually unlimited budget and truly world class technical expertise. On the order of our NSA.

Initech

(100,087 posts)
8. Oh so they didn't choose it then.
Mon Nov 19, 2018, 08:47 PM

I was going to say if you're a hacker collective who is going to take down governments, you should at least come up with a more threatening name. Cozy Bear conjures up the image of like the Charmin Bears or Yogi Bear, not like grizzlies.

reACTIONary

(5,770 posts)
9. That's right....
Mon Nov 19, 2018, 09:19 PM

... APTs are government intelligence entities and do not have any public posture at all, like NSA, no such agency.

I found out more about the Cozy Bear nickname:

Inevitably there were questions about the strange names his company had given the Russian hackers. As it happened, "Fancy Bear" and "Cozy Bear" were part of a coding system Alperovitch had created. Animals signified the hackers' country of origin: Russians were bears, Chinese were pandas, Iranians were kittens, and North Koreans were named for the chollima, a mythical winged horse. By company tradition, the analyst who discovers a new hacker gets to choose the first part of the nickname. Cozy Bear got its nickname because the letters coz appeared in its malware code. Fancy Bear, meanwhile, used malware that included the word Sofacy, which reminded the analyst who found it of the Iggy Azalea song "Fancy."


https://www.esquire.com/news-politics/a49902/the-russian-emigre-leading-the-fight-to-protect-america/