Hackers Target Citizen Journalists; Share Michelle Obama's Passport and Corrupt Presidential Debate Polls

First lady Michelle Obama at the Democratic National Convention in Philadelphia. J. Scott Applewhite/AP File Photo

This week's attacks feature spear-phishing, data dumps and bots.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Russia-Linked Fancy Bear Targets Citizen Journalists

Two hacking collectives with suspected ties to the Russian government have sustained attacks on a citizen journalism site since 2015, security experts say.

Security vendor ThreatConnect released a report concluding Fancy Bear, a Russian intel-linked group previously tied to the Democratic National Committee breach, and CyberBerkut, a group claiming to be pro-Russian Ukrainian hacktivists, targeted the Bellington website and organization with spear-phishing, credential harvesting and website defacement campaigns.

Bellington reporters published many investigative articles on Malaysian Airlines flight 17, shot down over Ukraine in 2014, as well as other articles critical of Russia, the report said.

ThreatConnect’s attack timeline shows three waves of attacks. First, Fancy Bear conducted an unsuccessful spear-phishing campaign against Bellington contributors. CyberBerkut then targeted and gained the credentials of a single contributor, followed by another wave of Fancy Bear spear-phishing. The report concludes the groups could be working with each other but also offers the possibility they could have had a common enemy and unique purposes for their attacks.

A ThreatConnect researcher told Dark Reading no evidence indicated CyberBerkut had roles in the DNC breach or other recently identified hacks on U.S. political or electoral systems.

Palo Alto Networks’ Unit 42 also recently connected Fancy Bear (also known as APT28, Pawn Storm and Sofacy) to the “Komplex” Trojan, which targets Apple’s Mac OS X operating system, according to Dark Reading. The group uses phishing emails to deliver the Trojan through what looks like a PDF document.

Michelle Obama, Joe Biden and Hillary Clinton Schedules Included in Data Dump 

The website DCLeaks posted hundreds of emails detailing the schedules of first lady Michelle Obama, Vice President Joe Biden and Democratic presidential nominee Hillary Clinton.

The Sept. 22 file dump also included a purported image of Michelle Obama’s passport; site diagrams of various events; spreadsheets with the names and Social Security numbers of campaign donors; and names, emails and mobile numbers of Secret Service agents, according to The New York Times.

Hackers obtained the information from a low-level contractor’s personal Gmail account, which the individual used for coordinating event logistics, according to CNN.

Politico reports security experts link DCLeaks with a Russian cyber campaign that targets political and state election offices. The site previously released the personal emails of former Secretary of State Colin Powell.

Bots and Brigading Corrupt Online Presidential Debate Polls 

Reddit and 4chan users reportedly manipulated many news sites’ online polls about the first presidential debate results.

The Daily Dot reported a pro-Donald Trump Reddit community and supporters on 4chan message boards organized efforts to manipulate the online polls of various media outlets including Time, Fortune and CNBC.

According to the report, the Reddit community of more than 200,000 subscribers shared which polls could be manipulated with bots and brigading. Users on some of 4chan’s boards shared other tips like voting many times by using a browser's incognito mode.

Some suspected Russian hackers coordinated hacking polls and making the #TrumpWon hashtag trend on Twitter. Buzzfeed reported its own poll was manipulated by a JavaScript program that allowed users to vote repeatedly. The report also said the hashtag users primarily came from the U.S.