The agencies warned in a Tuesday report that “likely state-sponsored groups” are targeting think tanks, urging the policy researchers to beef up security on their computer networks lest the same foreign threats they spend taxpayers’ money warning the government about gain access to their deepest darkest secrets.
Hackers are using spear-phishing emails, which attempt to dupe recipients into giving up their login credentials often by spoofing their origins with a reputable sender, and exploiting vulnerabilities in remote networks, according to the report.
“Given the importance that think tanks can have in shaping US policy, CISA and FBI urge individuals and organizations…to immediately adopt a heightened state of awareness” and follow standard computer hygiene, the agencies wrote. Their recommendations included relatively obvious ‘solutions’ like changing default passwords, encrypting information, downloading software patches where available, and installing antivirus programs. The agencies also advised think tanks’ employees be trained in avoiding phishing and other common hacks – opening up a new revenue arm for the cybersecurity industry.
Ironically, think tanks like the NATO- and military industrial complex-funded Atlantic Council have been on the front lines of hyping up the threat posed by foreign hackers, blaming Russia (and to a lesser extent China and Iran) for the lion’s share of unfavorable geopolitical outcomes. CISA itself was established in 2018 by the Trump administration, which was heavily pressured to step up its cybersecurity theatre amid accusations that never-proven “Russian meddling” had handed the president his surprise 2016 victory.
With even the most sensitive work being conducted over the internet due to the pandemic, fear of hackers grabbing secrets out of the data flow has mushroomed. Computing giant IBM warned on Thursday that it had uncovered a spear-phishing campaign targeting organizations involved with the Covid-19 vaccination effort across six countries. While the company acknowledged it could not attribute the attacks to any particular entity – indeed, it couldn’t even determine whether any of the phishing attempts had been successful – IBM advised targets to be on their guard (and invest in IBM’s protective measures).
Spear-phishing has been blamed for a number of high-profile attacks in recent years, from a Twitter infiltration that actually involved company insiders being paid off to the infamous 2016 hack on presidential candidate Hillary Clinton’s campaign director John Podesta. The UK and Canadian governments, along with the US, warned the same advanced persistent threat group (APT) blamed for the Podesta hack and the release of 2016’s leaked Democratic National Committee emails had been “targeting organizations involved in coronavirus vaccine development.”
Moscow denied the claims, noting the British vaccine was already set to be produced by a Russian company. Russia unveiled its own Sputnik V vaccine months before its accusers completed their own research.
Like this story? Share it with a friend!