When WikiLeaks released thousands of emails from the Democratic National Committee (DNC), Democrats called on cybersecurity technology company CrowdStrike to look into how WikiLeaks obtained that data.
CrowdStrike concluded that Russian hackers were behind the breach.
“We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network—COZY BEAR and FANCY BEAR,” the company explains in a blog post.
Cozy Bear and Fancy Bear are two groups that routinely commit international cybercrimes and digital espionage. Fancy Bear traces to Russia, according to security experts.
Cybersecurity company Kaspersky Lab is also aware of these groups. From the company’s blog:
“CozyDuke (aka CozyBear, CozyCar or “Office Monkeys”) is a precise attacker. Kaspersky Lab has observed signs of attacks against government organizations and commercial entities in the U.S., Germany, South Korea, and Uzbekistan. In 2014, targets included the White House and the US Department of State
FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s, and has been responsible for targeted intrusion campaigns against the Aerospace, Defense, Energy, Government, and Media sectors.”
In July 2015, HiTrust Alliance listed CozyBear as a known threat in a monthly threat assessment. Security firm Sophos reports that Fancy Bear hacked into DNC servers in April.
The recent DNC breach may have resulted from threats well known to cybersecurity companies. The questions abound: Why were DNC’s email servers left vulnerable? Who guards government IT infrastructure?
The fact these hacks presumably originated from Russia is not surprising, but the lack of precaution is, according to Larry Whiteside, Jr., Co-founder and Executive Vice President, International Consortium of Minority Cybersecurity Professionals (ICMCP). “The hacking and release of DNC emails are an unfortunate sign of the times as it relates to the use of technology today,” he said in an email comment to Black Enterprise.
“It’s being reported to have been performed by a group out of Russia or being state-sponsored by Russia is also not surprising. There are many state-sponsored groups specifically in place to target the U.S. government and/or U.S.-based companies.”
The big issue, according to Whiteside, is that the U.S. “has a big bulls-eye on its back.”
“There, unfortunately, is a treasure trove of information that attackers can use to either embarrass organizations or monetize for personal gain. This being the case, the U.S. government and U.S.-based companies must take the necessary precautions as it relates to proper cybersecurity controls and cybersecurity hygiene.”