DEVIOUS

Heather Nauert, State Department Spokeswoman, Impersonated by Hackers in Massive Phishing Operation

Hackers believed to be linked to Russian intelligence services impersonated State Department spokesperson Heather Nauert and her deputy to target hundreds of staffers in U.S. defense and law-enforcement agencies, Bloomberg News reports. Cybersecurity experts at FireEye said Monday that the phishing attempt was detected last week with emails made to resemble a secure communication from Nauert’s deputy, Susan Stevenson. The email contained a download purporting to be a drive belonging to Nauert, though it was actually malware, according to FireEye. “The threat actor crafted the phishing emails to masquerade as a U.S. Department of State Public Affairs official sharing an official document,” the company said in a statement. There’s no evidence the accounts of Nauert and Stevenson were compromised, but it’s not clear how many people clicked on the malware, which experts say was likely part of an attempt to gather intelligence. While FireEye could not definitively say who was behind the phishing campaign, they said it had many similarities to previous campaigns by a group linked to Russia’s intelligence services known as APT29 or Cozy Bear.