Date: 2016-12-22

Less than six hours after Donald Trump won the presidential election, individuals working for think tanks and non-governmental organizations received in their email inboxes malware-infested links to PDF downloads promising a postmortem analysis of the greatest political upset since Truman defeated Dewey.

Adding insult to injury, two of the five waves of spear-phishing attacks on a few hundred very targeted individuals appeared to be messages forwarded by the Clinton Foundation, according to Steven Adair, CEO of the Washington, D.C.-area security firm Volexity, which announced the attacks were engineered by hackers known as The Dukes.

“Other people have said [The Dukes] are definitely related to Russia, or maybe work for the [Russian] government,” Adair says, stopping short of attributing the attacks to the country. Nevertheless, he believes The Dukes fall into the nation-state category. “They have the resources and capabilities and the way they operate is not a volunteer effort by a group of hobbyist hackers,” Adair says. These attackers, he adds, typically have deliberate goals to find out specific policy plans or information.

The Nov. 9 attacks tracked by Volexity were preceded by similar breaches in August in which The Dukes pretended to be from the Council on Foreign Relations and targeted individuals at specific NGOs and think tanks. The spoof monitored and then mimicked typical email communications with executive and legislative branch staffers.

“Attribution is never definitive because with enough knowledge and preparation, a sophisticated adversary can masquerade as a different threat actor,” cautions James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based think tank.