Federal agencies warn that hackers are targeting US think tanks

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that major hacking groups are targeting U.S. think tanks.

The agencies put out an alert noting that advanced persistent threat (APT) hacking groups were mainly targeting think tanks and individuals involved with international affairs or national security policies. 

The targeting involved malicious phishing emails, along with attempting to exploit vulnerabilities in remote networks and other internet-connected devices. 

“Given the importance that think tanks can have in shaping U.S. policy, CISA and FBI urge individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness,” the agencies wrote in the alert. 

The agencies noted that the move to increased teleworking during the COVID-19 pandemic had increased the threat surface for attackers, including through the ability to target virtual private networks used to access secure work networks remotely. 

“When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks,” the agencies wrote.  

FBI and CISA recommended that think tanks immediately take steps to heighten their cybersecurity, including through employee cybersecurity awareness training, installing antivirus software on personal employee devices, using multifactor authentication for company accounts and “exercising caution” when accessing links and emailed attachments. 

The governments of the U.S., the United Kingdom, and Canada in July put out a joint warning noting that a Russian APT hacking group was targeting groups involved in COVID-19 vaccine research, including think tanks and other secure organizations. 

Microsoft reported in September seeing a spike in foreign efforts to target U.S. public policy groups and organizations involved in COVID-19 research, with foreign nations including Russia targeting groups including U.S. think tanks involved in international affairs and national security work. 

Malicious activity in cyberspace generally has massively increased during the COVID-19 pandemic, with groups involved in responding to the pandemic increasingly targeted by nation states.