Cozy Bear, or APT29, the Russian state-sponsored cyber-espionage group, appears to be active again, and it is thought to be impersonating the United States State Department in a large spear-phishing campaign.
Neither CrowdStrike nor FireEye has directly blamed Cozy Bear; both say attribution is still in progress. FireEye did note, however, “This campaign has targeted over 20 FireEye customers across: Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, and US Public Sector industries in multiple geographic regions.”