Russian hackers impersonate U.S. officials to infect computers with malware: researchers - Action News

Hackers linked to the Russian government are impersonating U.S. State Department employees in an operation aimed at infecting computers of U.S. government agencies, think-tanks and businesses, two cybersecurity firms told Reuters.

Operation aimed to install malware and access U.S. government agencies, law enforcement and others

Hackers linked to the Russian government sent emails that appeared to come from State Department public affairs specialist Susan Stevenson and encouraged recipients to download malicious documents.

The operation, which began on Wednesday, suggests Russia is keen to resume an aggressive campaign of attacks on U.S. targets after a lull going into the Nov. 6 U.S. midterm election in which Republicans lost control of the House of Representatives, according to CrowdStrike and FireEye Inc.

U.S. intelligence agencies have charged that Russia was behind a string of hacks in the 2016 presidential campaign in a bid to boost support for Donald Trump. The U.S. government and private cybersecurity firms have said Russia was not behind hacking campaigns in this month's congressional elections.

In the newly discovered operation, hackers linked to the Russian government sent emails purporting to come from State Department public affairs specialist Susan Stevenson, according to a sample phishing email reviewed by Reuters.

It encouraged recipients to download malicious documents that claimed to be from Heather Nauert, a State Department official who Trump has said he is considering naming ambassador to the United Nations.

That file would install malicious software that would grant hackers wide access to their systems, according to FireEye.

More than 20 FireEye customers were targeted, including military agencies, law enforcement, defence contractors, media companies and pharmaceutical companies, according to the cybersecurity firm.

CrowdStrike and FireEye did not say how many organizations had been compromised in the campaign or identify specific targets.

Gained access through hospital, consulting company

The hackers are part of a group known as APT29, according to FireEye. Dutch intelligence has said that APT29, also known as Cozy Bear, works for the SVR Russian Foreign Intelligence Service. Moscow-based cybersecurity firm Kaspersky Lab confirmed that the campaign was the work of APT29, and said the group had not been active since last year.

Representatives at the Russian embassy in Washington could not be reached for comment. Moscow has repeatedly denied allegations that it was behind APT29 or other hacking campaigns targeting the United States.

The attackers first compromised a hospital and a consulting company, then used their infrastructure to send phishing emails that appeared to be secure communication from the State Department, FireEye researcher Nick Carr told Reuters.

A State Department spokesperson said he had no immediate comment.

On Friday, Trump signed legislation to create a new cybersecurity agency within the Department of Homeland Security.

The administration said the Cybersecurity and Infrastructure Security Agency (CISA) will serve as the focal point for defending civilian and federal networks to protect critical infrastructure including the nation's election security.

Trump previously said he and Russian President Vladimir Putin had discussed jointly forming an "impenetrable cybersecurity unit" but backtracked on the idea after he was harshly criticized by Republicans who said Moscow could not be trusted.