US alert urges think tanks to be on guard for foreign hacking activity

Think tanks are a prime target for espionage.
White House

Think tanks should be on high alert for nation-state hacking attempts in the coming days, the FBI and Department of Homeland Security warned in a joint report issued Tuesday.

The alert, which comes just as President-Elect Joe Biden carves out his national security team — many of whom are currently employed at prominent non-governmental organizations and think tanks in D.C. — notes that foreign state-linked hacking groups are primarily going after think tank employees that focus on national security and foreign policy.

“Given the importance that think tanks can have in shaping U.S. policy, CISA and FBI urge individuals and organizations in the international affairs and national security sectors to immediately adopt a heightened state of awareness and implement the critical steps listed in the Mitigations section of this Advisory,” the bulletin states.

U.S.-based think tanks and non-profit organizations are a perennial target of nation-state hackers.


Foreign espionage groups have long targeted prominent think tanks that employ advisers who consult with presidential candidates, in a likely effort to glean information about what policies a new administration could implement. North Korean government-linked hackers, for instance, attempted to infiltrate Hillary Clinton’s 2016 presidential campaign by breaking into the email accounts of Clinton advisers, who happened to work at a Washington think tank. In advance of the U.S. midterm elections of 2018, Russian government hackers, known as APT28 or Fancy Bear, ran several website spoofing campaigns, apparently in an effort to breach conservative-leaning organizations, Microsoft found.

The warning does not name any specific think tanks or NGOs that are of particular concern.

The cavalcade of national security experts that Biden has chosen for his incoming administration, though, is proof that think tanks are fertile recruiting ground for leaders in the next version of the U.S. government.

The transition team has chosen Neera Tanden, the president and chief executive of the Center for American Progress, for instance, to lead the Office of Management and Budget. The co-founder and managing partner of WestExec, a global consulting firm, Antony Blinken, is slated to be the next Secretary of State. WestExec’s other co-founder, Michèle Flournoy, is reportedly one of Biden’s top candidates to serve as Secretary of Defense. Avril Haines, Biden’s pick to serve as Director of National Intelligence, recently worked as a nonresident senior fellow at the Brookings Institution.

It was also unclear which countries’ hacking operations are currently concerning the FBI and CISA.


Chinese state-linked hackers have shown an interest in tracking Biden associates, and have targeted the Biden campaign in recent months, according to previous findings from Google and Microsoft. Suspected Iranian hackers have also targeted senior policy experts in recent months.

The advisory urges employees to be mindful of suspicious emails that look like spearphishing, which is a common way these attackers conduct their campaigns. IT staff and employees should also be aware that hackers may seek to exploit virtual private networks, especially as many staffers are conducting their work from home.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts