Hackers Impersonated State Department Spokeswoman, Experts Say

(Bloomberg) -- Hackers impersonated State Department spokeswoman Heather Nauert and another official, Susan Stevenson, to target hundreds of people in U.S. defense and law enforcement agencies, according to cybersecurity experts.

The hackers are probably a group linked to Russian intelligence services, according to research by the firms FireEye Inc. and CrowdStrike Inc. published Monday in a blog post by FireEye. There’s no evidence that Nauert, Stevenson or the State Department were hacked, said Nick Carr, a senior manager at FireEye.

Targets at dozens of organizations received an email with a subject line stating that Stevenson, State’s deputy assistant secretary for public affairs, had shared a drive with them. The email contained a download, labeled as a personal drive belonging to Nauert, that was actually malware that would load onto victims’ computers if they clicked on it, according to the blog post.

The hackers likely used Nauert’s and Stevenson’s names in order to mislead the media and raise doubts about the security of their accounts. In fact, rumors to that effect have spread on social media, Carr said.

The attack probably originated with the Russian intelligence-linked group known variously as APT29 and Cozy Bear. The firms aren’t certain who, exactly, is responsible, but elements of the attack including its scope, targets and tactics were similar to the group’s previous activity. The same group infamously hacked into the Democratic National Committee during a broader Russian effort to assist Donald Trump’s campaign during the 2016 election.

In this case, the hackers were probably trying to obtain intelligence, said Adam Meyers, a vice president at CrowdStrike. The number of people who clicked on the malware is unknown.

A State Department representative, who requested anonymity to discuss the matter, said that while some members of the staff did get the email, the department’s cybersecurity defenses prevented any penetration of its networks.

©2018 Bloomberg L.P.