A Russian hacking group began attacking U.S.-based policy think tanks within hours of Donald Trump’s presidential election victory, according to cyber experts who suspect Moscow is seeking information on the incoming administration. Three cyber security firms told Reuters that are tracking a spear-phishing campaign by a Russian-government linked group known as Cozy Bear, which is widely suspected of hacking the Democratic Party ahead of the election. “Probably now they are trying to rush to gain access to certain targets where they can get a better understanding on what is going on in Washington after the election and during the transition period,” said Jaime Blasco, chief scientist with cyber security firm AlienVault. Targets included the Council for Foreign Relations, said Adam Segal, a security expert with the think tank. His colleagues include former U.S. Senator John D. Rockefeller IV and former Reagan administration State Department official Elliott Abrams.
Representatives with the Russian Embassy in Washington could not be reached for comment. Moscow has strongly denied that it was behind the hacks.
Spear-phishing campaigns use malware-tainted emails to infect computers of carefully selected staff at target organizations. They typically appear to be from people whom the victims know and on subjects of interest to them. Some of the emails appeared to be from Harvard University under the subject line, “Why American Elections are flawed,” according to Washington-based cyber security firm Volexity.
The attacks began as the Obama administration was weighing if and how it might respond in its final two months to a series of high-profile hacks on Democratic Party organizations that U.S. intelligence officials have publicly blamed on Moscow.