Last year, the White House computer network was the target of a cyber attack and an intrusion. CNN spoke about this cyber attack earlier this month to discuss a journey from an intrusion into the State Department network, before entering sensitive parts of the White House information system.
The American news channel has pointed the finger at Russian hackers with filigree support from the Russian government. This famous cyber attack traces CozyDuke according to a report published by Kaspersky Lab. The name of an APT (Advanced Persistent Threat) otherwise known as CozyBear, CozyCar and Office Monkeys.
For the security solutions publisher, the tools used within the framework of CozyDuke " have similar structural elements "to those of the MiniDuke, CosmicDuke and OnionDuke cyber espionage campaigns. And for the latter, it was already the track of Russian-speaking hackers.
It is therefore now a bunch of evidence that points towards the Kremlin, it being understood that APTs like these require the support of a State. The attacks did not only target American targets, with government organizations in Germany, South Korea and Uzbekistan as well.
The CozyDuke attack begins with spear phishing, in this case very targeted email phishing sprinkled with social engineering to encourage people to click on a link leading to an infected website. A legitimate site that has been hacked to host a .zip archive containing malware and displays an empty PDF file.
Another tactic is sending an infected Flash video as an email attachment with obviously viral power to some offices. Who could resist Office Monkeys LOL Video.zip?
For CozyDuke, of which we need to see more of a toolbox, Kaspersky Lab highlights encryption features, measures against detection by antivirus and the possibility of downloading various powerful malware.