US cybersecurity experts say hackers impersonating a State Department official have targeted U.S. government agencies, businesses and think tanks in an attack that bears similarity to past campaigns linked to Russia.
The “spear phishing” attempts began on Wednesday, sending e-mail messages purported to come from a department public affairs official.
Cybersecurity companies CrowdStrike and FireEye both said they were still working to attribute the attack. But it was consistent with past hacking campaigns by Cozy Bear, or APT29, a Russian group believed to be associated with Russian intelligence and linked to hacking ahead of the 2016 U.S. presidential election.
The State Department said: “The Department is aware of the recent malicious cyber event involving the spoofing (impersonation) of a Department employee reported by U.S. cybersecurity firm FireEye. No Department networks were compromised by this malicious cyber attempt.”