Russian Hackers Add Washington Think Tanks To Victim List

Eric Lieberman Deputy Editor

Russian hackers attacked multiple think tanks in Washington, D.C., last week.

The cybercriminals targeted institutions that are focused on Russia, according to Defense One. Experts believe the perpetrators are part of the same group that was at least partially responsible for the Democratic National Committee (DNC) attack, as well as the breaches of the Pentagon and the Department of State.

The hacker syndicate is known as “COZY BEAR” or “APT29” and its latest cyber assault was identified by the cybersecurity company CrowdStrike. While the founder of the firm, Dmitri Alperovitch, did not divulge who or what had been compromised, he did say that roughly five organizations and 10 staffers who were studying Russia were affected by the “highly targeted operation.”

“Many of these people are former government officials that still advise current government officials,” Alperovitch told Defense One. So Russia has an inherent interest in the way America’s top insiders view them, especially if those think tank leaders have communications with the U.S. government. The think tanks may also “have some plundered information that’s been shared with them, or use them as a way to target government.”

After the security breaches, clients were immediately notified, and the timely notification prevented the intruders from withdrawing critical data, Alperovitch told Defense One.

CrowdStrike contends that “COZY BEAR” is connected to the Russian Federal Security Service (FSB) in some way.

FireEye, another cybersecurity firm, was the first to discover “COZY BEAR,” aka, “APT29.”

“APT29 is among the most capable groups that we track. While other APT [advanced persistent threat] groups try to cover their tracks to thwart investigators, APT29 stands out,” the company said in an original blog post. “They show discipline and consistency in reducing or eliminating forensic evidence, as well as adaptability in monitoring and circumventing network defenders’ remediation efforts.”

But “APT29” are reportedly not the only evildoers. CrowdStrike and other cybersecurity researchers assert that a group called “FANCY BEAR” or “APT28,” which has ties to the Russian military, was also responsible for the DNC hacks. Alperovitch reported to Defense One that the perpetrators were able to infiltrate the research and advocacy institutions’ online systems through “spearphishing,” which coaxed employees to open emails with phony addresses that are linked to well-known nonprofits and think tanks.

“We have a policy of not commenting on Center security,” Harvard’s Belfer Center for Science and International Affairs said in a statement given to Defense One.

A senior vice president at the Center for Strategic and International Studies (CSIS) wasn’t too worried about the breaches, and even cherished the moment.

“It’s like a badge of honor–any respectable think tank has been hacked. The Russians just don’t get the idea of independent institutions, so they are looking for secret instructions from Obama. Another benefit is they can go to their bosses and show what they took to prove their worth as spies,” Lewis said.
