Are Russian hackers targeting Hillary Clinton?

New research has revealed Russian hackers have been targeting key staff members working for Hillary Clinton’s presidential campaign.

The research comes from SecureWorks’ Counter Threat Unit (CTU) research team, which believes the hackers are working on behalf of the Russian government.

The CTU is calling this Russian hacker group Threat Group (TG-4127).

According to the research, TG-4127 sent spearphishing emails containing Bitly links, which were used to shorten malicious URLs, in an attempt to redirect campaign employees to a URL it controlled that spoofed a legitimate Google login page. If a target then entered their Google credentials, TG-4127 could use those credentials to access the victim’s corresponding campaign Gmail account.

By exploiting the Hillary for America campaign mail solution, which uses Gmail, and the http://www.hillaryclinton.com website, TG-4127 targeted campaign employees to access their email accounts.

Further observations from CTU researchers found:

· The first short links targeting email addresses began being created in mid-March 2016; the last link was created in mid-May.

· TG-4127 created 213 short links targeting 108 email addresses of staff members on the domain. Bitly data reveals:

    o 20 of the 213 short links have been clicked
    o 11 links were clicked once
    o 8 were clicked twice or more

· CTU researchers identified the owners of 66 of the targeted email addresses. The identified target email owners held the following titles:

    o National political director
    o Finance director
    o Directors of strategic communications, scheduling, and travel
    o Traveling press secretary

· There was no open-source footprint for the remaining 42 addresses, suggesting that TG-4127 acquired them from another source, possibly other intelligence activity.

“It is well known that users rarely check for the full URL associated with short links; this allows hackers to utilise URL-shortening services to effectively hide malicious URLs,” says Alex Tilley, senior security researcher, SecureWorks Counter Threat Unit.

“Businesses need to ensure they are taking the appropriate precautions to minimise the risk of these types of attacks,” he adds.

“It is important to educate users about the risks of spearphishing emails and how to exercise due diligence when faced with a shortened link, especially in unsolicited email messages,” Tilley says.

“Businesses using Gmail as a corporate mail solution should educate users about the risk of spoofed login pages and encourage them to confirm they are on the legitimate Google Accounts page when presented with a Google login prompt,” he explains.
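A defender-side sketch of the two checks described above, added here as an example and not taken from SecureWorks or the article: it classifies links pulled from email so that shortened links and URLs imitating the Google sign-in page are flagged for review. The shortener list, brand tokens and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for this example; neither list comes from the article.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "j.mp"}
GOOGLE_LOGIN_HOST = "accounts.google.com"
BRAND_TOKENS = ("google", "gmail")


def classify_link(url):
    """Return 'invalid', 'shortened', 'google-login', 'suspicious' or 'other'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:          # e.g. malformed IPv6 literal
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    if host in SHORTENER_HOSTS:
        return "shortened"      # destination is hidden until the link is expanded
    if host == GOOGLE_LOGIN_HOST:
        # Credentials should only ever be typed on the HTTPS page.
        return "google-login" if parts.scheme == "https" else "suspicious"
    if host == "google.com" or host.endswith(".google.com"):
        return "other"
    # Brand words in the userinfo, host or path of a non-Google host are the
    # usual shape of a spoofed sign-in URL.
    haystack = (parts.netloc + parts.path).lower()
    if any(token in haystack for token in BRAND_TOKENS):
        return "suspicious"
    return "other"


def links_needing_review(urls):
    """Keep only the links a mail filter or analyst should look at."""
    return [u for u in urls if classify_link(u) in ("shortened", "suspicious")]


# Constructed sample links (reserved .example names, placeholder short code).
SAMPLE_LINKS = [
    "http://bit.ly/EXAMPLE1",
    "https://accounts.google.com/ServiceLogin",
    "http://accounts-google.login.example/ServiceLogin",
    "https://accounts.google.com@login.example/signin",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):12} {link}")
```

The comparison is made on the parsed hostname rather than on the raw string, which is why the fourth sample, where the Google name sits in the userinfo part before the `@`, is still flagged.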

According to the CTU, TG-4127 has also been observed to target individuals in Russia and the former Soviet states, current and former military and government personnel in the U.S. and Europe, individuals working in the defence and government supply chain, and authors and journalists.
