Russia’s military intelligence directorate, the GRU, has been caught in a new round of computer intrusion attempts, this time aimed at the Center for Strategic and International Studies, a prominent Washington, D.C. think tank heavy with ex-government officials.
The new efforts by the Kremlin hackers who notoriously breached the DNC and Hillary Clinton campaign to support Donald Trump suggest that indictments, international sanctions, a botched assassination and an unprecedented global spotlight have done little to deter Vladimir Putin from continuing to target the West with his hacker army, even as American intelligence agencies warn that Russia is gearing up to interfere in the 2020 election.
“We’ve about exhausted our ability to achieve some kind of deterrent model that works,” said Robert Johnston, the security expert who investigated the 2016 DNC breach, and now heads the financial cybersecurity firm Adlumin. “You have indictments. You have Cyber Command releasing Russian malware. We ran psyops inside of Russia saying, ‘We know what you’re up to, stop it.’ Sanctions and diplomatic measures. The combination of all those isn’t enough to make it come to a complete halt.”
The GRU hackers, known variously as Fancy Bear, APT28 and Strontium, have developed new attack tools since 2016, but still rely heavily on tried-and-true methods for penetrating a target network, chief among them so-called spear-phishing attacks in which a victim is tricked into entering their login credentials into a fake website.
In 2017 Microsoft lawyers won an injunction allowing the company’s security team to legally hijack the domain names registered by Fancy Bear hackers if the web address encroaches on a Microsoft trademark. In August the company used that capability to thwart attacks against two conservative think tanks, the Hudson Institute and the International Republican Institute.