- The Washington Times - Tuesday, December 5, 2017

The scandal surrounding embattled Alabama Senate candidate Roy Moore has provided fodder for foreign hackers attacking U.S. targets, cybersecurity firm FireEye said Monday.

A hacking group with ties to the Chinese government known as APT19 has been sending malicious emails to multinational, U.S.-based law firms referencing the Republican nominee, who is accused of sexual misconduct with teen girls years ago when he was in his 30s, FireEye analysts told CyberScoop.

Mr. Moore has denied any wrongdoing.

The messages were sent to at least three major law firms last week and contained the same subject line, according to FireEye: “FW: Roy Moore scandal ignites fundraising explosion for Democratic challenger Doug Jones.”

The emails contained a malicious Microsoft Word document that could let hackers remotely access an infected computer if opened, the security firm said.

“It’s difficult to say what they’re after because the lures are so broadly written and we’re stopping them at the perimeter, before they really get a chance to do much,” FireEye analyst Ben Read told CyberScoop. “It’s feasible that APT19 is looking to steal financial documents, including information about business mergers and acquisitions which could be worth a lot.”

“Based on what we can observe, the targets are mostly the same every time (major U.S.-based law firms),” added fellow FireEye analyst Ian Ahl. “The emails all originate from an APT19-owned domain, but the sender username is often changed.”

The emails referencing the upcoming Alabama race were the fourth wave of an APT19 operation already underway since at least June, according to CyberScoop.

The former state chief justice will face Democratic rival Doug Jones in a special election on Dec. 12.

The hackers previously sent similar emails to targets containing subject lines referencing incoming French President Emmanuel Macron, among other topics, the security firm said earlier. Recently, those emails referenced the likes of Mr. Moore, disgraced movie mogul Harvey Weinstein and 2016 Democratic presidential candidate Hillary Clinton, CyberScoop reported Monday.

The latest wave of emails targeted the same group of law firms that received malicious messages attributed to APT19 in June, October and November, according to CyberScoop.

FireEye has previously described APT19 as having “some degree of sponsorship by the Chinese government.” APT is short for “advanced persistent threat,” a label often applied to sophisticated, typically state-sponsored hacking outfits.

• Andrew Blake can be reached at ablake@washingtontimes.com.
