Hackers impersonated State Department spokeswoman Heather Nauert and another official, Susan Stevenson, as part of an effort to target hundreds of people in U.S. law enforcement and defense and law enforcement agencies, according to cybersecurity research firm FireEye Inc.
The hackers are likely connected to Russian intelligence services, FireEye wrote in a blog post. There’s no evidence that Nauert, Stevenson or the State Department itself were hacked, said Nick Carr, a senior manager at FireEye.
Dozens of organizations received emails with a subject line saying Stevenson, the deputy assistant secretary for public affairs at the State Department, had shared a drive with them. The email had a download, labeled as a personal file belonging to Nauert, but was actually malware that would load onto computers if recipients clicked on it, the blog post said. This type of attack is known as phishing.
FireEye said it is not certain who is responsible, but elements of the attack were similar to previous activity by the Russian intelligence-linked group known variously as APT29 and Cozy Bear. That’s the group behind hacking into the Democratic National Committee during the 2016 campaign.
© 2018 CBS Interactive Inc. All Rights Reserved.
