The Russian hacking groups that stole the Democratic National Committee’s secret files on Donald Trump have plenty of experience in filching sensitive data from U.S. officials. Last year, one of the two groups, known as APT29 or COZYBEAR, broke into the Joint Chiefs’ non-classified email system. Here’s what last summer’s hack can teach you about what happened to the DNC, and how to keep it from happening again.
On Tuesday, officials with the information security company Crowdstrike disclosed that APT29 had injected malware onto the DNC network about a year ago, enabling the hackers to pick up opposition research on Donald Trump, among other information. The group is known for its spearphishing campaigns, which send emails that appear to be from a trusted source. When a recipient clicks on a link, her machine downloads malicious code; in the case of the DNC hack, that code contained a Remote Access Tool (RAT). This code lets a hacker into the system — and takes pains to keep itself hidden. The malware can check “for the various security software that is installed on the system and their specific configurations. When specific versions are discovered that may cause issues for the RAT, it promptly exits,” Crowdstrike’s Dmitri Alperovitch wrote in a blog post.
The malware Crowdstrike discovered on the DNC network “allowed the adversary to launch malicious code automatically after a specified period of system uptime or on a specific schedule.” Basically, this means the malware can sit in the background of the network, possibly on a single machine, not drawing attention to itself, until it’s scheduled to spring into action. You might remove it from that…