Warning: Russian Hackers Break Into European Embassy In Washington

180

The hackers who infamously breached the Democratic National Committee have continued to cause havoc, according to researchreleased Thursday.

The so-called Cozy Bear hackers, who were revealed in 2016 to have infiltrated the DNC along with a group called Fancy Bear as part of a Russian-government sponsored attack on American democracy, have hacked the Washington, D.C., embassy of a European member state, said cybersecurity researchers from ESET. The hackers also broke into computers at the ministries of foreign affairs of three European countries.

Neither the embassy nor the government departments are being identified by ESET. But the research represents a rare sighting of Cozy Bear and a resurgence of a Russian intelligence operation heading into a turbulent geopolitical period, with Britain’s exit from the European Union and the 2020 U.S. election on the horizon. Three new malware types were also discovered, showing the unit continues to build its digital arsenal as it tries to spy on diplomats.

Matthieu Faou, who led the ESET research, said the latest attacks show Cozy Bear is still very active even as they avoided public scrutiny for many years. “There was this phishing campaign last year, but in terms of malware, we didn’t hear anything since the end of 2016, beginning of 2017,” he told Forbes.Today In: Innovation

Faou believes it was likely Cozy Bear was trying to steal documents and emails, given the nature of the victims, though he did not have access to the purloined data.

Cheekily, the Russian hackers are using famous American tech company infrastructure as part of their attacks. When the hackers need to know what website to use to control infected computers, the domains would be sent by those hacked PCs to various services, including Twitter, Evernote and Reddit.