In a sharp escalation of East-West cyberwarfare, millions of employees of prominent U.S. companies working at home due to the pandemic have been targeted by a Russian hacking group, warns the Internet security group Symantec.
Russia is far from the only player targeting Americans online.
Ever since COVID-19 struck the U.S., hackers from Russia, China, Iran, and North Korea have spread disinformation on the pandemic through the “weaponization” of social media, intended to agitate Americans.
A recent report issued by Carnegie Mellon University, analyzing over 200 million tweets discussing COVID-19 and related issues since January, found that almost half of the tweets discussing the virus appear to come from bots, including approximately 620 of the 1,000 most active accounts and 41 of the top 50.
The indictment against Evil Corp. was one of many issued in the past few years against shadowy Russian groups, including the Internet Research Agency, accused of interfering in the 2016 election. Several have been tied to Russian military intelligence.
“Those indictments were intended as a deterrent,” said The New York Times. “But Moscow has protected Evil Corp.’s hackers from extradition, and they are unlikely to stand trial in the United States.”
Symantec did not name the American companies being targeted beyond saying that there are over 30 of them, and that the “vast majority” are major corporations, including many household names.
“Aside from a number of large private companies, there were 11 listed companies, eight of which are Fortune 500 companies,” said Symantec.
The typical attack begins with an email to an employee sheltering at home that looks like it came from a colleague. However, the email will contain a link to a malicious site.
When users access the fraudulent site, criminals can then take over their computers and demand payment—typically in cryptocurrency like Bitcoin—to regain control of their devices, said Fortune.
Symantec said the hackers wanted to “cripple” the companies’ “IT infrastructure by encrypting most of their computers and servers in order to demand a multi-million-dollar ransom.”
Another hacker development is the emergence of a group attempting to replace the role of WikiLeaks founder Julian Assange by releasing leaked documents. Last week the group, called DDoSecrets, released “BlueLeaks,” a collection of more than one million U.S. police files, according to Wired.
On the Juneteenth holiday, DDoSecrets published a 269-gigabyte collection of police data that includes emails, audio, video, and intelligence documents. Wired claimed it involved more than a million files.
DDoSecrets founder Emma Best told Wired that the hacked files came from Anonymous—or at least a source self-representing as part of that group.
“Over the weekend, supporters of DDoSecrets, Anonymous, and protesters worldwide began digging through the files to pull out frank internal memos about police efforts to track the activities of protesters.”
Wired said that the agencies with the most information in the leak’s data-set appear to be “intelligence fusion centers,” like the Missouri Information Analysis Center, the Northern California Regional Intelligence Center, the Joint Regional Intelligence Center, the Delaware Information and Analysis Center, and the Austin Regional Intelligence Center.
The Carnegie Mellon report indicated “that the botnets and influence activities line up with the Russian and Chinese cyber warfare playbooks,” reported The Hill.
“Facebook, Twitter and other social media are at the core of this damage,” wrote Erin Russ in an op-ed for The Hill.
“Social media platforms are extremely vulnerable. They offer distinct opportunities for hostile exploitation and are relatively untraceable — the data feedback on who responds allows for more targeted manipulation and the initial input of information takes on a self-replicating life of its own.”
Nancy Bilyeau is deputy editor of The Crime Report