US Indicts Two Russian Hackers Who Fooled Military Officers and Nuclear Researchers

Federal prosecutors on Thursday charged two Russian men with conducting a wide-ranging hacking campaign on behalf of the Russian government that targeted current and former U.S. government officials, defense contractors and employees of federally funded research facilities studying nuclear energy and advanced computing technologies.

Ruslan Peretyatko and Andrey Korinets used malicious emails to steal passwords from American military, intelligence and diplomatic personnel and collected “valuable intelligence … related to United States defense, foreign affairs, and security policies, as well as nuclear energy related technology, research, and development,” the Justice Department said in an indictment.

Korinets and Peretyatko each face one count of conspiracy to commit computer fraud and abuse. Both men remain at large, presumably in Russia. The State Department has offered rewards of up to $10 million for information leading to their arrest or the apprehension of their co-conspirators.

The announcement of the charges came as the U.S. joined with the U.K., Canada, Australia and New Zealand to accuse Russia of a years-long hacking campaign that sought in part to sow discord in British politics. Western cybersecurity agencies also released a report about the tactics of the Russian cyber unit that Peretyatko and Korinets supported, known as “Star Blizzard.”

The new indictment describes a sweeping campaign that targeted computers and accounts in multiple NATO countries — especially the U.S. and U.K. — and other countries including Ukraine. The U.S. targets, some of whom were successfully hacked, included a retired ambassador, a retired Air Force general and an employee of a military institute, all of whom lived in California, where prosecutors brought the charges. Other targets included current employees of American defense contractors, former intelligence officers and current and former Pentagon and State Department officials.

The hackers registered email addresses that mimicked their targets’ colleagues and email providers’ official accounts. They then crafted messages designed to trick their targets into downloading malware or turning over login information, a technique known as spearphishing.

According to the charges, the two men sometimes used information stolen from one victim, such as the contents of an email signature, to make future spearphishing messages look more credible. They also used URL shortening services to conceal the nature of the malicious links they distributed and virtual private servers to hide their digital fingerprints. And because people often reuse their passwords, the hackers could sometimes log into multiple accounts belonging to one victim with the same set of credentials.

The indictment describes several of the hackers’ spearphishing attacks, offering details that highlight how people with access to sensitive information remain easily fooled by simple hacking techniques.

In one incident that occurred in late May 2022, the hackers sent an email to a nuclear engineer at one of the Energy Department’s national laboratories asking him to click a link and type in his username and password. The target complied a few days later, according to the indictment, at which point the hackers logged into his account and set up safeguards to ensure that emails from his IT department — which could have alerted him to suspicious activity — never reached his inbox.

In another incident in late September 2022, an Energy Department lab employee received a malicious email from a Hotmail address that mentioned an attached document — but didn’t include it. The employee responded to the message to ask about the attachment, at which point the hackers responded with the malicious document.

Other schemes described in the indictment further illustrate the breadth of the hackers’ ambitions. The duo impersonated a national security reporter in July 2018 in an attempt to compromise a former intelligence official who still worked for the U.S. government. And in 2017, for a password-stealing email to “a military official from an Eastern European country,” they pretended to be Microsoft’s customer-service department.


National Cyber Security