Russian APT launched a new phishing campaign on the Pentagon

A sophisticated APT group who targeted the White House and State Department, have launched a new stealth spear phishing campaign on the Pentagon.

The Daily Beast has revealed that he got the proof that the White House and State Department were hacked by a sophisticated Russian APT.
The newspaper that published the news in exclusive has run a spear phishing campaign against the staff at the Pentagon.
“Hackers linked to Russia who penetrated the computer networks of the White House and the State Department have turned their sights on the Pentagon, The Daily Beast has learned. And this time the hackers are using more sophisticated technologies that make them exceptionally hard to detect and that allow them to cover their tracks.” states the newspaper.The Daily Beast has obtained an email notice that the Defense Department sent Friday warning “at least five” computers at the Department Of Defense were compromised by hackers, the notice confirmed the link with cyber attacks against the White House and the State Department.The notice was distributed to Defense Department contractors and others, it is as an “anticipatory intelligence product.”The experts in the US government did not provide further information on the attack, they haven’t provided any information on the stolen data and haven’t specified the Government agencies targeted by the hackers.The experts in the notice confirmed the attack was very sophisticated.

“The sophistication of this attack far surpasses anything we have seen to date from any state actors,” said Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command. 

“To use a military analogy, the level of sophistication of this attack is like comparing a World War I propeller-driven fighter plane to a stealth bomber coming in under the radar, completely destroying its target, and leaving before the enemy even realizes they have been attacked,” Adams said.

The disconcerting aspect of the story is that hacker are still targeting US government agencies, a new sophisticated campaign was detected on July 8. Also in this case hackers relied on spear phishing campaign email that purported to come from the National Endowment for Democracy, a prominent non-profit organization that supports pro-democracy efforts around the world.

“The emails contained a link that, when clicked, takes recipients to an infected server on the organization’s network. It then downloads malicious software onto the victim’s computer.”

As reported in the notice, the hackers used a multi-stage attack, once a first component infects the target it downloads other malicious payloads from the C&C server, the connections are protected by encryption to avoid detection.

“While I am somewhat comforted to hear that the malware was discovered on some systems, it is a virtual certainty that there are more instances of this malware inside the DOD and whatever other parts of our infrastructure this enemy has targeted,” Adams said.

Another notice obtained by The Daily Beast, warns that hackers are now targeting the Pentagon, the “U.S. government agencies and private sector companies” exploiting one of the flaws in Adobe Flash disclosed after the hack of the Hacking Team firm.

Pierluigi Paganini

(Security Affairs – Russian APT, US Government, Pentagon)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Chinese cyber spies targeted phones used by Trump and Vance

China-linked threat actors targeted the phone communications of Donald Trump and vice presidential nominee JD Vance.…

8 hours ago

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

Irish Data Protection Commission fined LinkedIn €310M for violating user privacy by using behavioral data…

16 hours ago

Change Healthcare data breach impacted over 100 million people

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever…

1 day ago

OnePoint Patient Care data breach impacted 795916 individuals

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info…

1 day ago

From Risk Assessment to Action: Improving Your DLP Response

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into…

2 days ago

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ASA and FTD, and RoundCube Webmail bugs…

2 days ago

This website uses cookies.