Russian hackers seem to have been busy on Nov. 14.
Separate reports have tied the country’s hackers to attacks on officials in both the US and Germany on the same day. It’s unclear if the events were linked.
First, US cybersecurity companies reported that the group known as Cozy Bear—allegedly an arm of Russia’s foreign intelligence service, best known for being the first Russian hacking team to infiltrate the Democratic National Committee—seemed to have come back to life. The group was the likely source of new hacking attempts on US government agencies, think tanks, and businesses, the companies said. The emails purported to contain files from senior State Department official Heather Nauert, but they actually held malicious software.
Then last week (Nov. 29), German authorities told Der Spiegel magazine (link in German) they had detected an attack on the exact same day, targeting email accounts belonging to the country’s lawmakers, military, and embassies. It was the second attack by Russian hackers on Germany in the space of a year, following a global attack picked up by German security services in December 2017. The hacking campaign, known variously as “Snake” or “Turla,” has been tied to the Russian state—though the Kremlin denied any connection to the previous attack.
It’s unclear whether any data was stolen in either attack. Last year, the “Snake” campaign reportedly infected 17 German computers, including one belonging to a defense ministry official. The attackers took a small amount of data, some of which concerned Russia. It was part of a broader campaign that also targeted former Soviet republics including Ukraine and the Baltics, plus Scandinavia and some South American countries, Reuters reported.