By Jim Finkle and Dustin Volz
(Reuters) – A Russian hacking group began attacking U.S.-based policy think tanks within hours of Donald Trump’s presidential election victory, according to cyber experts who suspect Moscow is seeking information on the incoming administration.
Three cyber security firms told Reuters that are tracking a spear-phishing campaign by a Russian-government linked group known as Cozy Bear, which is widely suspected of hacking the Democratic Party ahead of the election.
“Probably now they are trying to rush to gain access to certain targets where they can get a better understanding on what is going on in Washington after the election and during the transition period,” said Jaime Blasco, chief scientist with cyber security firm AlienVault.
Targets included the Council for Foreign Relations, said Adam Segal, a security expert with the think tank. His colleagues include former U.S. Senator John D. Rockefeller IV and former Reagan administration State Department official Elliott Abrams.
Representatives with the Russian Embassy in Washington could not be reached for comment. Moscow has strongly denied that it was behind the hacks.
Spear-phishing campaigns use malware-tainted emails to infect computers of carefully selected staff at target organizations. They typically appear to be from people whom the victims know and on subjects of interest to them.
Some of the emails appeared to be from Harvard University under the subject line, “Why American Elections are flawed,” according to Washington-based cyber security firm Volexity.
The attacks began as the Obama administration was weighing if and how it might respond in its final two months to a series of high-profile hacks on Democratic Party organizations that U.S. intelligence officials have publicly blamed on Moscow.
A former senior Obama administration official said on Thursday that the White House had decided to take action against Russia after the election but no decision had been made on exactly how to respond.
Options included U.S. prosecutors indicting Russians believed to be behind the attacks, applying new economic sanctions against Moscow and the United States launching a retaliatory cyber attack against Russia, said the former official who asked not to be named.
White House officials feared that retaliating before the election could have led Russia to launch a major cyber attack on the United States that would have disrupted the banking system, power grid or internet service. But they said administration officials had decided that the United States needed to show after the election that it would respond to state-sponsored cyber attacks, said the former official.
Trump has said he is not convinced Russia was behind the attacks. He has yet to fill key national security posts, which makes it difficult to assess how his administration might handle the issue.
Harvard’s chief information security officer, Christian Hamer, warned staff about the attacks on Thursday afternoon, saying that federal law enforcement was investigating.
He said some of the emails used in the campaign appeared as if they were sent from members of Harvard’s Faculty of Arts and Sciences, using the school’s branding.
An FBI representative declined comment.
(Reporting by Jim Finkle in Boston and Dustin Volz in Washington. Additional reporting by David Rohde in New York and Steve Holland in Washington.; Editing by Cynthia Osterman)