US Intel Agency Says Russia Targeted Think Tanks

A new report from the Office of the Director of National Intelligence (ODNI) confirms many previous reports from the media and cybersecurity firms in saying that Russian has been hacking into think tanks.  Here is an excerpt:

We assess Russian intelligence services collected against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape US policy...Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense, and foreign policy fields.  This campaign could provide material for future influence efforts as well as foreign intelligence collection on the incoming administration's goals and plans.

Here is a previous Think Tank Watch post on Russia's alleged targeting of think tanks during the election season.  Nearly every major US think tank has been targeted by foreign intelligence agencies over the past few years.

Think Tanks Targeted in Post-Election Hacking Campaign

Here is more from The Hill:

Think tanks and NGOs have received a flurry of spear phishing attempts linked to a Russian espionage group since the election.  

“Think tanks being targeted by APT29/COZY today, spearphishing emails claiming to be about election,” tweeted Adam Segal, Lipman chair of emerging technologies at the Council on Foreign Relations, on Wednesday.

APT 29, also called Cozy Bear, is a hacking group believed to be connected with the Russian government. It recently made headlines as part of the hack on the Democratic National Committee. 

The attempts echoed attacks over the past couple of years similarly targeting think tanks, universities and NGOs, including Transparency International, the International Institute for Strategic Studies, Eurasia Group and the Council on Foreign Relations.

Morning Consult notes that hackers "sent malware-laden emails" to people who worked at the Brookings Institution, RAND Corporation, Atlantic Council, and other organizations.

Think Tank Watch should note that during the presidential election season hackers were very active in trying to gather intelligence from think tanks and think tankers.

BAE: Reading Think Tank Reports Can Harm Your Company

The threats intelligence department of  defense giant BAE Systems says that even though think tanks have been the subject of targeted cyber attacks for quite some time, it has seen a particularly aggressive campaign against think tanks over the past year.

BAE says that think tanks are attractive targets because they have an unusual combination of a high level of trust among the participants with relatively low resources for defense.

In a video with James Hatch, Director of Cyber Services at BAE Systems Applied Intelligence, the attacks against think tanks are described in more details:

Attackers want to access think tank network for two purposes:  Firstly, they are interested in the conversations and policy discussions that go on within those organization, and secondly, they are interested in using them as staging posts to attack major corporations and government departments.  They'll do this either by compromising email infrastructure to be able to set up spearfishing attacks or by compromising websites to be able to set up watering hole attacks.

We recently investigated an attack on a major think tank where their website was compromised.  The compromise was undertaken using an exploit that had only been publicly known about for a few days.  Anyone who accessed the website would have had software downloaded on their machine that would have given a toehold to the attackers.  Given the nature of that think tank, most of the people accessing that website would have been doing so from the machines of major corporations.  We traced the attack group to be a nation-state with a particular interest in commercial espionage.

In other words, think tanks could very likely be exposing your business to cyber attacks and espionage. 

As Think Tank Watch has reported, during the past few years, it has been publicly (and privately) disclosed that nearly every major US think tank has been hacked.  Besides attacks on Heritage and Urban Institute, Think Tank Watch has documented hacks on think tanks such as the Aspen Institute, Brookings, American Enterprise Institute (AEI), Center for American Progress (CAP), Council on Foreign Relations (CFR), and Center for Strategic and International Studies (CSIS).