In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
Two hacking collectives with suspected ties to the Russian government have sustained attacks on a citizen journalism site since 2015, security experts say.
Security vendor ThreatConnect released a report concluding Fancy Bear, a Russian intel-linked group previously tied to the Democratic National Committee breach, and CyberBerkut, a group claiming to be pro-Russian Ukrainian hacktivists, targeted the Bellington website and organization with spear-phishing, credential harvesting and website defacement campaigns.
Bellington reporters published many investigative articles on Malaysian Airlines flight 17, shot down over Ukraine in 2014, as well as other articles critical of Russia, the report said.
ThreatConnect’s attack timeline shows three waves of attacks. First, Fancy Bear conducted an unsuccessful spear-phishing campaign against Bellington contributors. CyberBerkut then targeted and gained the credentials of a single contributor, followed by another wave of Fancy Bear spear-phishing. The report concludes the groups could be working with each other but also offers the possibility they could have had a common enemy and unique purposes for their attacks.
A ThreatConnect researcher told Dark Reading no evidence indicated CyberBerkut had roles in the DNC breach or other recently identified hacks on U.S. political or electoral systems.
Palo Alto Networks’ Unit 42 also recently connected Fancy Bear (also known as APT28, Pawn Storm and Sofacy) to the “Komplex” Trojan, which targets Apple’s Mac OS X operating system, according to Dark Reading. The group uses phishing emails to deliver the Trojan through what looks like a PDF document.
The website DCLeaks posted hundreds of emails detailing the schedules of first lady Michelle Obama, Vice President Joe Biden and Democratic presidential nominee Hillary Clinton.
The Sept. 22 file dump also included a purported image of Michelle Obama’s passport; site diagrams of various events; spreadsheets with the names and Social Security numbers of campaign donors; and names, emails and mobile numbers of Secret Service agents, according to The New York Times.
Hackers obtained the information from a low-level contractor’s personal Gmail account, which the individual used for coordinating event logistics, according to CNN.
Politico reports security experts link DCLeaks with a Russian cyber campaign that targets political and state election offices. The site previously released the personal emails of former Secretary of State Colin Powell.
Reddit and 4chan users reportedly manipulated many news sites’ online polls about the first presidential debate results.
The Daily Dot reported a pro-Donald Trump Reddit community and supporters on 4chan message boards organized efforts to manipulate the online polls of various media outlets including Time, Fortune and CNBC.
According to the report, the Reddit community of more than 200,000 subscribers shared which polls could be manipulated with bots and brigading. Users on some of 4chan’s boards shared other tips like voting many times by using a browser's incognito mode.