Russian hackers are reported to have used emails disguised to look like Gmail security updates to hack into the computers of the Democratic National Committee and members of Hillary Clinton’s top campaign staff.
The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton’s campaign; 20 people clicked on them, at least four of them more than once, SecureWorks’ research found. The emails were sent to another 16 people from the DNC, four of whom clicked on them, the report said.
Researchers found the emails by tracing the malicious URLs set up by Fancy Bear using Bitly, a link-shortening service. “We were monitoring bit.ly and saw the accounts being created in real time,” said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the URLs set up by Fancy Bear.
Fancy Bear, also known as APT28, Pawn Storm, Sofacy Group and Sednit, is a cyber espionage group. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat and is thought to have connections to the Russian government.
Fancy Bear’s targets have included Eastern European governments and militaries, the country of Georgia and the Caucasus, security-related organizations such as NATO, as well as US defense contractors Academi (formerly known as Blackwater) and Science Applications International Corporation.
The URL apparently resolved to accounts-google.com (rather than accounts.google.com), and Burdette says “They did a great job with capturing the look and feel of Google.”
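The difference between accounts-google.com and accounts.google.com is a single separator, which a mail or proxy filter can test for once a shortened link has been expanded. The following is an added example, not code from SecureWorks or from the report; the protected-host list, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation's users should ever see.
PROTECTED_HOSTS = ("accounts.google.com",)


def skeleton(host: str) -> str:
    """Drop '.' and '-' so hosts differing only by separator compare equal."""
    return host.replace(".", "").replace("-", "")


def classify(url: str) -> str:
    """Return 'genuine', 'lookalike', 'other' or 'invalid' for an expanded URL."""
    try:
        # .hostname ignores any "user@" part, so a trusted name placed
        # before "@" does not influence the result.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in PROTECTED_HOSTS:
        return "genuine"
    for good in PROTECTED_HOSTS:
        # Separator swap: accounts-google.com vs accounts.google.com
        if skeleton(host) == skeleton(good):
            return "lookalike"
        # Protected name used as the leading labels of another domain
        hyphenated = good.replace(".", "-")
        if host.startswith(good + ".") or host.startswith(hyphenated + "."):
            return "lookalike"
    return "other"


# Constructed sample destinations (not taken from the report).
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "http://accounts-google.com/ServiceLogin",
    "https://accounts.google.com@accounts-google.com/",
    "https://accounts.google.com.example.net/login",
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```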