EXCLUSIVE: Russia-Backed DNC Hackers Strike Washington Think Tanks
The same Kremlin-backed group that hacked the Pentagon, State Department, and DNC targeted DC insiders last week.
Last week, one of the Russia-backed hacker groups that attacked Democratic computer networks also attacked several Russia-focused think tanks in Washington, D.C., Defense One has learned.
The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack, according to founder Dmitri Alperovitch. CrowdStrike discovered the attack on the DNC and provides security for the think tanks.
Alperovitch said fewer than five organizations and 10 staffers researching Russia were hit by the “highly targeted operation.” He declined to detail which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers. CrowdStrike alerted the organizations immediately after the company detected the breaches, and intruders were unable to exfiltrate any information, Alperovitch said.
Defense One reached out to several think tanks with programs in Russian research, one of which was the Center for Strategic and International Studies, or CSIS. “Last week we were under attack, but our small staff was very responsive. Beyond that, I’m not going to discuss the details because it is under active investigation,” H. Andrew Schwartz, CSIS Senior Vice President for External Relations, said in an email.
James Andrew Lewis, Senior Vice President and director, strategic technologies program, at CSIS, said, “It’s like a badge of honor — any respectable think tank has been hacked. The Russians just don’t get the idea of independent institutions, so they are looking for secret instructions from Obama. Another benefit is they can go to their bosses and show what they took to prove their worth as spies.”