They look and sound like fancy characters straight out of a fairytale book. However, Cozy Bear and Fancy Bear are nothing but clever monikers for a Russian hacking group trying to play foul. Reportedly, the hacker group was responsible for stealing a good amount of data in 2016, when the US presidential election was in full swing. In a comeback season in 2018, Palo Alto's security wing has confirmed that the hacker group has returned in the shape of email attachments. When opened or downloaded onto your system, these attachments retrieve system data and information about the target computer. The malware is also capable of taking screenshots of the PC and sending those images back to the hacker group via a remote server.
Basic phishing emails are now easy to spot in your inbox and delete at once. In this case, however, the phishing attack is quite hard to spot if the rogue server isn't active. The attachments also take the form of regular attachments and hence appear less harmful, as threat intelligence firms have noted in their latest blog post on the subject. Speaking of attachments, Palo Alto recently spotted a suspicious email that was cleverly titled "Crash List, Lion Air Boeing 737". The file format was .docx, which upon opening would load a multitude of Word templates that in turn would run a string of malicious code on the target PC. That underlines how the Russian hacker group is making use of recent events to lure targets into downloading and opening the attachments. Incidentally, Lion Air Boeing 737 relates to the October air crash that resulted in the death of 189 passengers. It is believed that this particular phishing method is targeting government organizations in the United States, the European Union, and the ex-Soviet states.
The incident has brought to light the very objective of government funding for cyber-security resources at a national level. Frankly, their absence would jeopardize political stability, leading to chaos and uncertainty on many levels. The US Department of Justice has already announced the names of 12 such Russian nationals who have been indicted for federal crimes related to influencing the 2016 US presidential election. The indictment further states that all 12 accused are members of the GRU, the Russian military intelligence agency. The GRU members are believed to have hacked the Democratic Congressional Campaign Committee's computer network as well as gathered data on Hillary Clinton's election campaign. Following the incident, they also released several confidential documents using aliases like "DCLeaks" and "Guccifer 2.0". Now, no matter what this indictment says, the GRU is far from being labeled as guilty, as the US doesn't have an active extradition treaty in place with Russia. In other words, the government is under no obligation to send these accused members of the GRU to a court of law on American soil to be tried for their crimes.