New Spear-phishing Campaign Targets Bellingcat Researchers Trying to Investigate Flight MH17 Crash – Researchers believe the technique is exactly what Fancy Bear hackers have used in their previous hacks.
Bellingcat’s journalists are trying to investigate what actually caused the crash of Malaysian Airlines’ flight MH17, while hackers are trying to sabotage their efforts by directing phishing campaigns at them. The motive behind the new hack campaign could be to take over the accounts of the company.
Intelligence firm ThreatConnect has reported that Bellingcat has been receiving spear-phishing messages and facing account takeover attempts for more than a year. Bellingcat is famous for investigating burning issues despite strong resentment from governments and organizations around the world. Only yesterday we learned that a Russian-made missile launched by pro-Russia rebels was the reason behind the crash of Malaysian Airlines’ flight MH17. ThreatConnect speculates that the perpetrators of the attack can be linked to the Russian government as well.
Bellingcat’s founder Eliot Higgins shared some data indicating that at least two Russian state-sponsored groups were involved in the attack. ThreatConnect experts claim that the dangerous Fancy Bear APT group could be involved. This group is currently in the headlines for launching attacks against the US Presidential election systems and associated people, and against the World Anti-Doping Agency (WADA). The other group could be CyberBerkut, a Ukrainian hacker group with pro-Russia sentiments; however, the research points more towards Fancy Bear.
ThreatConnect also issued a statement that read:
“Higgins shared data with ThreatConnect that indicates Bellingcat has come under sustained targeting by Russian threat actors, which allowed us to identify a 2015 spearphishing campaign that is consistent with FANCY BEAR’s tactics, techniques, and procedures.”
Experts suggest that Bellingcat became a target of the Russian Fancy Bear APT group because its reporters were investigating the MH17 crash that occurred in 2014.
Bellingcat was targeted by state-sponsored hacker groups with a spear phishing campaign between February 2015 and July 2016 using a Gmail security notice to deceive the investigators. The users clicked on the embedded links but the attacks were not successful. ThreatConnect explains why in its report:
“These spear phishing attempts consist of a variety of spoofed Gmail security notices alerting the target that suspicious activity was detected on their account. The target is prompted to click a URL resembling a legitimate Gmail security link to review the details of this suspicious activity.”