Russia's most notorious hacking group is back, and this time, they are trying to get their hands on the most sensitive U.S. defense technology.
Fancy Bear, also known as APT 28 and Sofacy Group, targeted at least 87 individuals working in defense industry sectors including drone, stealth, missile and cloud computing technologies, most of which are classified. The group became infamous after hacking the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. Remarkably, the hackers used the same technique while attempting to gain access to their targets' personal email accounts.
"We've got a number of experts who've spent many years in that field and so picking their brains literally without them knowing would be of potentially significant use," said Kevin Gambold, in an interview.
The technique is called "phishing," and while it's a fairly simple tactic, it's also remarkably effective. All a would-be hacker has to do is send an email to a target, directing them to download a file or click on a link (the more convincing, the better). The file usually contains some kind of malware, which in some cases gives the hacker access to portions of the target's computer. The links usually lead to a fake login page of some kind, which prompts the user to enter their username and password, thus giving the hacker the necessary credentials to log into the account at will. Sending very convincing phishing links disguised as Gmail account warnings is Fancy Bear's calling card. They used the same method to gain access to the Democratic National Committee and Clinton campaign.
Approximately 40 percent of the defense industry personnel targeted clicked the phishing links, according to an Associated Press report. Fifteen of those targeted worked on drones. Personal email accounts may not contain a plethora of classified information, but as has been the case in the past, they can often provide pieces of information that certain actors (like Russia) may find useful.
"This would allow them to leapfrog years of hard-won experience," said Gambold, who was also targeted.
Those years of experience are crucial to the Russian war machine, which was late to the game in drone warfare. The Russian Ministry of Defense has been playing catch-up after seeing U.S. drone capabilities radically expand during the wars in Iraq and Afghanistan. Incorporating any stolen technology into Russian programs will of course take some time, but searching for and exploiting potential vulnerabilities could happen much more quickly.
"When our foreign adversaries are targeting them and exploiting the very sensitive technologies and weapon systems that we're trying to equip our troops with, it puts those troops at risk on the battlefield. And that's something everyone should be concerned about," said Charles Sowell, a former senior advisor to the Director of National Intelligence.
The Defense Security Service is tasked with training the industry in cyber security, but personal emails are outside its purview, making them ripe targets for U.S. adversaries.
The Associated Press contributed to this report.