The previous week, Katenberg’s hacking crew had been bombarding the Hillary Clinton campaign’s email accounts with fake Google warnings, trying to get her
But the going was tough. Even when
After a day of testing on
An hour later he sent out a barrage of new malicious messages to more than 70 people, including one to
On Friday, the
Katenberg, who did not return multiple messages seeking comment, has been in The Associated Press’ sights ever since his email was identified among a massive hacker hit list handed to the news agency by Secureworks last year.
It was that 19,000-line database that allowed the AP to reconstruct Katenberg’s digital movements, logging every malicious link he and his colleagues created between
The data show that the malicious emails came in waves, some 20 or 30 of them at a time, aimed at diplomats, journalists, defense contractors and other Russian intelligence targets across the world. Between the waves, sometimes only an hour or a few minutes before a major campaign, the hackers sent test emails to their own accounts to make sure they could still dodge Google’s spam filters.
Katenberg’s GRU hacking group, widely nicknamed “Fancy Bear,” was locked in an arms race with the email giant. Every few months, Google would cotton on to the group’s tactics and begin blocking its messages. The Secureworks list, along with more than 100 other phishing emails recovered from spying victims, showed how the GRU would respond by firing up a new batch of malicious websites, moving on to a new link shortening service, or trying a new brand of phishing message meant to lure its recipients into giving up their credentials.
“Someone has your password,” was one particularly dire-sounding message sent by the GRU to a
But as good as the hackers were at extracting passwords from their victims, they also made mistakes.
For example, the Gmail address the GRU used to test-drive its phishing messages on
Both social media pages appeared dormant, but Lukashev and his colleagues may not be resting easy. Katenberg’s Facebook profile vanished within minutes of the publication of this article. Across the internet, journalists were picking up traces of the once-anonymous hackers’ digital trail, like the document posted to the website of a
For years men like Netyshko and Lukashev are alleged to have hunted America’s secrets.
Now the world’s media is after theirs.