Home / News

There are Reports of Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks, NGOs

"In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation's President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns," according to a report from the Washington, D.C.-based cyber incident response firm Volexity.

— Five different attack waves were detected with a heavy focus on U.S.-based think tanks and non-governmental organizations (NGOs). These e-mails came from a mix of attacker created Google Gmail accounts and what appears to be compromised e-mail accounts at Harvard's Faculty of Arts and Sciences (FAS).

— The emails were sent in large quantities to different individuals across many organizations and individuals focusing on national security, defense, international affairs, public policy, and European and Asian studies.

— Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis of the elections. Two of the other attacks purported to be eFax links or documents pertaining to the election's outcome being revised or rigged.

— The last attack claimed to be a link to a PDF download on "Why American Elections Are Flawed."

According to Volexity, a group it refers to as The Dukes (also known as APT29 or Cozy Bear) is responsible for post-election attack activity. "The Dukes continue to launch well-crafted and clever attack campaigns. They have had tremendous success evading anti-virus and anti-malware solutions at both the desktop and mail gateway levels."

By CircleID Reporter – CircleID's internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

The Mails from the real attack look the same as our Phishing Simulation Templates - LUCY By Palo Stacho  –  Nov 11, 2016 2:18 pm PDT

Thank you for your article! We don't know if it was the Dukes. But what we know is that the Phishing e-mails look the same as our own best practice DIY phishing simulation templates which we provide together with LUCY Server! Obviously the cyber criminals are using best practices too: Our customers and partners say that the eFax Attack is a scenario with a high penetration rate! See our article on http://www.lucysecurity.com/phishing-cozy-bear-post-election-simulation/

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Whois

Sponsored byWhoisXML API

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byIPv4.Global

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byAppdetex