US government agencies, think tanks, and businesses received emails last week that seemed to come from a State department communications aide, encouraging them to download files from a well-known name: Heather Nauert, the State department official Trump has said is “under very serious consideration” to be come UN ambassador.
But the files contained malicious software, Reuters and ZDNet report. And they actually came from Cozy Bear, a group of Russian hackers whom Dutch intelligence say is an extension of Russia’s foreign intelligence service.
Cozy Bear was one of two Russian groups to penetrate the Democratic National Committee, first entering their systems in 2015. The group has been quiet in 2018, having reportedly attacked Dutch and Norwegian ministries last year, and US think tanks and NGOs in 2016. The Kremlin denies any link to Cozy Bear.
Security company FireEye said the phishing attempt targeted more than 20 of their customers, including in defense, law enforcement, media, and pharmaceuticals.