Tag: Cozy Bear

Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit

Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.

The government hackers were part of a group known as APT 29 or Cozy Bear, according to the people. That group has been tied to Russia’s foreign intelligence service and has previously been accused of breaching the Democratic National Committee in 2016 and of carrying out a supply-chain cyberattack involving SolarWinds Corp., which infiltrated nine U.S. government agencies and was disclosed in December.

It’s not known what data the hackers viewed or stole, if anything. The RNC has repeatedly denied that it was hacked. “There is no indication the RNC was hacked or any RNC information was stolen,” spokesman Mike Reed said. Continue reading.

DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign

Washington Post logo

The Department of Homeland Security, the State Department and the National Institutes of Health on Monday joined the list of known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive, experts say.

The list of victims of the cyberespionage, which already included the Treasury and Commerce departments, is expected to grow and to include more federal agencies and numerous private companies, said officials and others familiar with the matter, who spoke on the condition of anonymity because it is under investigation.

SolarWinds, the maker of widely used network-management software that the Russians manipulated to enable their intrusions, reported in a federal securities filing Monday that “fewer than 18,000” of its customers may have been affected. That’s a small slice of the company’s more than 300,000 customers worldwide, including the Pentagon and the White House, but still represents a large number of important networks. Russia has denied any role in the intrusions. Continue reading.

Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce

Washington Post logo

Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.

Officials were scrambling over the weekend to assess the nature and extent of the intrusions and implement effective countermeasures, but initial signs suggested the breach was long-running and significant, the people familiar with the matter said.

The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, the SVR, and they breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration. Continue reading.

Cybersecurity firm finds evidence that Russian military unit was behind DNC hack

The following article by Ellen Nakashima was posted on the Washington Post website December 22, 2016:

The Post’s Ellen Nakashima goes over the events, and discusses the two hacker groups responsible. (Jhaan Elker/The Washington Post)

A cybersecurity firm has uncovered strong proof of the tie between the group that hacked the Democratic National Committee and Russia’s military intelligence arm — the primary agency behind the Kremlin’s interference in the 2016 election.

The firm CrowdStrike linked malware used in the DNC intrusion to malware used to hack and track an Android phone app used by the Ukrainian army in its battle against pro-Russia separatists in eastern Ukraine from late 2014 through 2016. Continue reading “Cybersecurity firm finds evidence that Russian military unit was behind DNC hack”