A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relative large spear-phishing campaign that has targeted both the US government and private sector.
The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it's one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections.
"On 14 November 2018, CrowdStrike detected a widespread spear-phishing campaign against multiple sectors," Adam Meyers, VP of Intelligence told ZDNet today.
"These messages purported to be from an official with the U.S. Department of State and contained links to a compromised legitimate website," he added. "Individuals receiving the emails worked at organizations in a range of sectors including in think tank, law enforcement, government, and business information services.
"Attribution for this activity is still in progress; however, the Tactics, Techniques, and Procedures (TTPs) and targeting are consistent with previously identified campaigns from the Russia-based actor COZY BEAR," Meyers said.
Story at ZDNet: https://www.zdnet.com/article/russian-apt-comes-back-to-life-with-new-us-spear-phishing-campaign/