Russia’s preeminent cyber-espionage group, known as APT28 or Fancy Bear, heavily targeted Barack Obama’s staff during the 2008 campaign, according to newly published research by U.S.-based cybersecurity firm Area 1 Security.
The former president’s closest allies — including campaign staff, top aides and other senior U.S. officials — began receiving a barrage of phishing emails from Russian spies as far back as 2007, when he was still a U.S. senator. Some Obama associates continue to be targeted, Area 1 said. Ex-officials are still being sent phishing emails even though they left government years ago, a trend that shows the attackers’ persistence in trying to compromise assets.
A blog post published Friday afternoon by Area 1 shows that associated phishing emails commonly employed subject lines like “just FYI,” “RFI,” “eFax,” or “Elections.” Several corresponding attachments were titled “harvard-iop-fall-2016-poll[.]doc” and “37486-the-shocking-truth-about-election-rigging-in-america[.]rtf[.]lnk.”
The evidence uncovered by Area 1, a firm founded by National Security Agency veterans, offers novel insight into how APT28 targets and automates cyberattacks on a wide swath of victims.
In 2013, NBC News first reported — citing unnamed intelligence officials — that Chinese hackers were responsible for a series of digital attacks in 2008 on the campaigns of Obama and Sen. John McCain, his Republican opponent. Russia’s apparent and simultaneous involvement in these intrusions had not been reported prior to the Area 1 report.
“Politicians need to evaluate their computer security posture of their campaigns before they announce they’re running for office,” said Area 1 co-founder Blake Darché. “These attacks won’t be the last targeting politicians.”
While the Area 1 report notes that more than 15 executive positions in the Obama administration were repeatedly targeted by APT28 — including the director for the Office of Nuclear Threat Science and the former U.S. ambassador to Russia — Area 1 did not disclose the names of specific individuals earmarked by Russian hackers.
Multiple individuals whose corresponding titles can be found listed in Area 1 Security’s report told Newsweek that they were unaware of being targeted by a foreign intelligence service.
It’s not uncommon for American political figures to be sent spear phishing emails — otherwise known as malicious emails with booby-trapped attachments that carry malware — from a wide range of cybercriminals. For example, Rep. Michael McCaul, R-Texas, told CyberScoop in January that he was the target of phishing emails on an “almost daily basis.”
Area 1 obtained evidence of this expansive espionage campaign, which spans more than a decade, by monitoring a network of proprietary sensors. “[We] collected this information from our globally distributed sensor network that detects attacks at their earliest stage of formation,” Darché told CyberScoop.