Meet Cozy Bear — the Russian cyber espionage group allegedly behind US government data breach

  • The US government’s Treasury and Commerce departments are reportedly warding off a hacking attempt by the Russian hacker group known as Cozy Bear.
  • This is only the latest in the long line of hacks against the US government that the state-sponsored group of cybercriminals has been linked to.
  • Over the past six years, Cozy Bear has been behind at least five data breaches against the US government.
The US government is currently in the midst of unravelling a sophisticated cyber attack that stretches back months. So far, data breaches at the US Treasury and Commerce departments have been recognised. But officials fear that other agencies within the government may also be vulnerable.

Reuters initially reported the incident with sources claiming that the breach led to an emergency meeting of the National Security Council at the White House on December 12. A ‘foreign government’ had been able to break through and steal sensitive information.

But, according to The Washington Post, it wasn’t just any foreign government — it was the Russians. And it was the same group of hackers who were able to breach FireEye’s defences less than a week ago.

In fact, the attack on the US government is only the latest in what is a long line of data theft campaigns led by a group of state-sponsored Russian hackers that go by the name of Cozy Bear or APT29.

Who is Cozy Bear?
According to cybersecurity firm Kaspersky Lab, Cozy Bear is a ‘precise attacker’. In addition to the US, the hacker group's targets also include government organisations and commercial entities in Germany, South Korea and Uzbekistan.

During their past exploits, they have also been referred to as the Office Monkeys, CozyCar, The Dukes and CozyDuke.

Figure: Cozy Bear aka CozyDuke's targets across the world (Source: Kaspersky)

Russian hackers breach US defences thrice in two years
This isn’t the first time that Cozy Bear has come after the US government. The first time they were caught was back in 2014, when the group launched a campaign targeting the White House and the Department of State.

At the time the breach was dubbed the ‘worst ever’ hack on the US government. And, it took over three months for the authorities to clean out the system even though it was only the ‘unclassified’ email system that was breached.

But that was only the first of many attacks that were to come. In another attack in 2015, Cozy Bear targeted the Pentagon’s email system. It affected some 4,000 military and civilian personnel who worked for the highest-ranking officials — the Joint Chiefs of Staff — within the organisation.

The same year, unknown to the public at the time, Cozy Bear was also hacking the Democratic National Committee (DNC), stealing passwords and other sensitive information.

The post-2016 election phishing campaign
Within hours of Donald Trump becoming the US president in 2016, five waves of phishing attacks were launched at US-based think tanks and non-governmental organisations (NGOs).

And, again, Cozy Bear was allegedly at the centre of it. A blast of emails was sent to people in important posts within national security, defence, international affairs, public policy and European and Asian studies.

Cozy Bear’s second attack against the US government this year
The year 2020 has seen an explosion in cybercriminal activity. And, Cozy Bear is no exception.

Earlier this year, in July, the Russian hackers’ group was accused by the National Security Agency (NSA), National Counterintelligence and Security Centre (NCSC) and the Canadian Centre for Cyber Security (CSE) of trying to steal data on COVID-19 vaccines and treatments that were being developed in the US, the UK, and Canada.
