“Fancy Bear” and “Cozy Bear” might sound like characters in a fairy tale, but both are monikers for elite Russian hacker groups responsible for stealing data from the Democratic National Committee during the 2016 U.S. presidential elections.
Now, security firm Palo Alto Networks says it’s uncovered the groups’ latest tricks. According to Wired, they’re sending “weaponized documents” as email attachments that retrieve system information about the target’s computer — and even screenshots of the computer’s desktop — which are then sent back to a remote server set up by the hackers.
What makes this kind of phishing attack particularly hard to spot is the fact that if the rogue server is not active, the attachments look “largely benign,” according to the security firm’s blog post on the topic.
Palo Alto Networks identified a particularly suspicious email attachment titled “crash list(Lion Air Boeing 737).docx” that attempts to load Microsoft Word templates containing malicious code when opened on a target’s computer. That means Russian hackers are using recent events to lure in targets — Lion Air Boeing 737 refers to a deadly plane crash in October that resulted in the death of all 189 people on board.
The target of the Lion Air phishing attempt: members of “government organizations in the EU, US, and former Soviet states,” according to Palo Alto Networks.
This latest instance yet again underlines how important it is for governments to support and fund national cybersecurity resources. Without them, political instability and uncertainty will rule the day.
READ MORE: Russia’s Elite Hackers May Have New Phishing Tricks [Wired]