August 31, 2016
Defense One, a news site dedicated to US military topics, reports that a Russian-linked cyber-espionage group known as APT29 has attempted to hack several Washington-based think tank organizations.
According to the Defense One report, the attacks took place last week and were successfully detected and stopped by CrowdStrike, the US security vendor that was called in to investigate the infamous DNC hack incident.
CrowdStrike says APT29 is behind the attacks
According to CrowdStrike founder Dmitri Alperovitch, the attacker fits the pattern found in attacks carried out by a cyber-espionage group called APT29, also known as COZY BEAR or CozyDuke.
Security vendors that have analyzed this group’s activities in the past suspect it may have affiliations with the FSB, Russia’s main intelligence service, a department previously led by Vladimir Putin himself before he became Russia’s President.
APT29 is one of the two cyber-espionage groups that are suspected of hacking the DNC earlier this year. APT29 compromised the DNC servers in the summer of 2015 but was never discovered, at least until APT28 hacked the same server in April 2016, drawing CrowdStrike’s gaze.
Attacks targeted ten individuals working at think tanks
Alperovitch says APT29 targeted fewer than five organizations and ten staffers, all working on Russia-related topics.
“Think tank” is a term used predominantly in the US to describe organizations that perform research concerning topics such as social policy, political strategy, economics, military, technology, and culture.