A Russian hacking group began attacking U.S.-based
policy think tanks within hours of Donald Trump's presidential
election victory, according to cyber experts who suspect Moscow is
seeking information on the incoming administration.
Three cyber security firms told Reuters that are tracking a
spear-phishing campaign by a Russian-government linked group known
as Cozy Bear, which is widely suspected of hacking the Democratic
Party ahead of the election.
"Probably now they are trying to rush to gain access to certain
targets where they can get a better understanding on what is going
on in Washington after the election and during the transition
period," said Jaime Blasco, chief scientist with cyber security
firm AlienVault.
Targets included the Council for Foreign Relations, said Adam
Segal, a security expert with the think tank. His colleagues
include former U.S. Senator John D. Rockefeller IV and former
Reagan administration State Department official Elliott Abrams.
Representatives with the Russian Embassy in Washington could not
be reached for comment. Moscow has strongly denied that it was
behind the hacks.
Spear-phishing campaigns use malware-tainted emails to infect
computers of carefully selected staff at target organizations. They
typically appear to be from people whom the victims know and on
subjects of interest to them.
Some of the emails appeared to be from Harvard University under
the subject line, "Why American Elections are flawed," according to
Washington-based cyber security firm Volexity.
The attacks began as the Obama administration was weighing if
and how it might respond in its final two months to a series of
high-profile hacks on Democratic Party organizations that U.S.
intelligence officials have publicly blamed on Moscow.
A former senior Obama administration official said on Thursday
that the White House had decided to take action against Russia
after the election but no decision had been made on exactly how to
respond.
Options included U.S. prosecutors indicting Russians believed to
be behind the attacks, applying new economic sanctions against
Moscow and the United States launching a retaliatory cyber attack
against Russia, said the former official who asked not to be
named.
White House officials feared that retaliating before the
election could have led Russia to launch a major cyber attack on
the United States that would have disrupted the banking system,
power grid or internet service. But they said administration
officials had decided that the United States needed to show after
the election that it would respond to state-sponsored cyber
attacks, said the former official.
Trump has said he is not convinced Russia was behind the
attacks. He has yet to fill key national security posts, which
makes it difficult to assess how his administration might handle
the issue.
Harvard's chief information security officer, Christian Hamer,
warned staff about the attacks on Thursday afternoon, saying that
federal law enforcement was investigating.
He said some of the emails used in the campaign appeared as if
they were sent from members of Harvard's Faculty of Arts and
Sciences, using the school's branding.
An FBI representative declined comment.