The group of nation-state hackers known by various names such as Cozy Bear, APT29, and CozyDuke sent a series of phishing emails to dozens of targets associated with non-governmental organizations (NGOs). The phishing campaign began just a few hours after Donald Trump won the 2016 US Presidential Election.
The phishing emails were sent from purpose-built Gmail accounts and from compromised email accounts at Harvard University’s Faculty of Arts and Sciences (FAS), and tried to trick recipients into opening malware-laden attachments or clicking on malicious links.
A new variant of backdoor malware, dubbed “PowerDuke”, is dropped on the user’s system once they click the links. This malware gives attackers full remote access to the compromised system. PowerDuke is an extremely sophisticated piece of malware, both in how it infects victims and in how it conceals its presence: it uses steganography to hide its backdoor code inside PNG files, and it can secretly download additional malicious files and evade detection by antivirus products.
According to a report, there were at least five waves of phishing attacks targeting people who work for organizations including Radio Free Europe/Radio Liberty, the RAND Corporation, the Atlantic Council, and the State Department, among others.
After Trump won the US presidential election, many people were shocked by the result and curious to understand how he had won. People even started searching on Google: How did Donald Trump win the US presidential election? Was the election flawed? Why did Hillary Clinton lose?
The attackers took advantage of this curiosity, using it as the lure in their phishing emails, and targeted in particular people who worked for the US government.