PENSACOLA, Fla. — Russian hackers were once again trying to steal sensitive information from the United States. This time, they used Microsoft emails in an attempt to trick Department of Defense employees and military contractors.
It’s called spear phishing. A cybersecurity expert says this isn’t the first time something like this has happened. It’s something that’s been happening for decades.
“This really goes back to the Cold War and even as early as World War II,” says Guy Garrett with the University of West Florida Center for Cybersecurity.
The latest hack attempt was thwarted, according to the Department of Justice.
On Thursday, the DOJ unsealed a warrant authorizing the seizure of 41 internet domains used by hackers linked to Russian intelligence agents and their proxies to commit computer fraud and abuse in the U.S.
The hackers used seemingly legitimate Microsoft email accounts to steal information from various targets: journalists, U.S.-based companies, former and current DOD employees, the Department of Energy, as well as military contractors.
Garrett says the bad Russian actors used a tactic called spear phishing.
“Phishing is when you send email scams to anybody who would get them. Anybody who could answer. Spear phishing is targeted,” Garrett said. “So, for example, if I’m gonna go out in the Gulf, let’s say I’m gonna go fishing for grouper. I’m looking for a specific kind of fish, same thing electronically. I’m looking for people usually who have specific credentials and characteristics that I can refine a target to make it more believable.”
The hackers are trying to get ahold of sensitive information.
“They’re called advanced persistent threats and it’s a spy vs. spy game,” Garrett says. “So, they’re looking for any information that could compromise National Security that would give them an edge on the global stage. That’s what they’re looking for.”
Garrett says something similar to this has happened before. In 2020, a group of Russian hackers attacked SolarWinds — an American IT company.
“That looked exactly like a legitimate update to that software and it got through,” says Garrett.
He says if hacks are successful, bad actors have the potential to find out things like who our CIA contacts overseas are and troop movements.
“People’s lives get put into danger by this,” says Garrett.
He says it’s important to keep in mind the No. 1 rule of cybersecurity.
“Nobody legitimate is going to ask you for your credentials,” says Garrett. “If they’re asking you for username, password, bank accounts… if they’re asking for your dog’s name, your mom’s name, they don’t have your best interest in mind and you need to tell them, ‘No.’”
Microsoft also announced on Thursday that it’s filing a civil action to seize 66 internet domains used by a Russian group called “Star Blizzard.” The National Cybersecurity Agency says Star Blizzard has been targeting academia, defense, think tanks, and politicians since 2019.