Democratic presidential candidate Hillary Clinton speaks at a rally in San Francisco, California on May 26, 2016. (Photo: JOSH EDELSON/AFP/Getty Images)
In the last three months, the same group that allegedly breached the Democratic National Committee in April has been trying to take control of Gmail accounts of staff working for Clinton’s 2016 presidential campaign, according to researchers from security firm SecureWorks. Targets included those running Clinton’s communications and organizing her travel, which FORBES believes includes Kristina Schake and Nick Merrill, as well as the director of speechwriting Dan Schwerin. Policy advisers and campaign finance managers were also on the Russians’ list.
In March, SecureWorks witnessed new activity from the hacker group, known by many names, including APT28, Fancy Bear, Pawn Storm, Sofacy and Sednit. The hackers, widely thought by US security researchers to be sponsored by the Russian government, had started creating links shortened with Bitly to forward on to Clinton’s campaign staff. Cybercriminals and government spies like to use Bitly to hide the true web address – often subtly different from the site they spoofed – that they attempt to trick targets into opening. But inside the Bitly links used by APT28 were encoded strings, which, once decoded, contained the target email addresses, revealing details of the hackers’ plans.
Once clicked, those links appeared to take the target through to a fake Google login page. As soon as they provided the login credentials, the Russian crew would log in and access all the data in the Google account.
Online records for hillaryclinton.com indicated the official Clinton campaign used Google Apps, which lets organizations use Gmail as their main email client, SecureWorks noted. Clinton’s staff would, therefore, have signed into their email via a Google login looking much like the spoofed pages.
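For defenders reviewing proxy or mail-gateway logs, the encoded recipient described above is a useful triage signal. The sketch below is an added example, not code from SecureWorks or the article; it assumes the encoded string is base64 in a query parameter (the article does not name the encoding), and every host, parameter name and address in it is constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Assumption: hosts this organisation treats as genuine Google sign-in endpoints.
GENUINE_LOGIN_HOSTS = {"accounts.google.com"}


def decode_email(value):
    """Return the email address hidden in a base64 value, or None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    padded = value + "=" * (-len(value) % 4)  # shortened links often drop padding
    try:
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if EMAIL_RE.match(text) else None


def triage(url, monitored_domain):
    """Inspect an expanded (post-shortener) URL for an embedded recipient."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        email = decode_email(value)
        if email is None:
            continue
        email = email.lower()
        findings.append({
            "param": name,
            "recipient": email,
            "host": host,
            # A login-style link carrying a recipient on a non-Google host.
            "spoof_suspected": host not in GENUINE_LOGIN_HOSTS,
            "our_user": email.endswith("@" + monitored_domain),
        })
    return findings


# Constructed sample data: expanded URLs as they might appear in a proxy log.
_TOKEN = base64.urlsafe_b64encode(b"jane.doe@example.org").decode().rstrip("=")
SAMPLE_URLS = [
    "http://accounts-google.example.net/ServiceLogin?id=" + _TOKEN,
    "https://accounts.google.com/ServiceLogin?id=" + _TOKEN,
    "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", triage(u, "example.org"))
```

A hit with both `spoof_suspected` and `our_user` set identifies which mailbox was targeted, so that account can be prioritised for a password reset and session review.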