Thursday, 29 December 2016

FBI, DHS release report on Russia hacking




The FBI and the Department of Homeland Security (DHS) on Thursday released a joint report detailing how federal investigators linked the Russian government to hacks of Democratic Party organizations.
The document makes clear reference to the hacks of the Democratic National Committee (DNC) and Hillary Clinton campaign chairman John Podesta, though it does not mention either by name. 

The 13-page report provides technical details regarding tools and infrastructure used by Russian civilian and military intelligence services to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.” 
The report, known as a “Joint Analysis Report” or JAR, refers to the Russian hacking campaign as “Grizzly Steppe.”  
It comes as part of a slate of retaliatory measures against Russia issued Thursday by the Obama administration in response to the hacks, and expands on a joint statement issued by the two agencies in October, formally attributing the attacks to Russia.
In the October statement, officials described the hacks and subsequent publication of stolen emails on WikiLeaks as an attempt to “interfere” with the U.S. election that is “consistent with the Russian-directed efforts,” but provided no evidence to support their assessment. 
President-elect Donald Trump has denied that Russia was involved in the hacks, and Obama has been under pressure to provide proof. 
Private security firms provided more detailed forensic analysis, which the FBI and DHS said Thursday correlated with the intelligence community’s findings. 
“The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response,” read a statement. 
The report identifies two Russian intelligence groups already named by CrowdStrike and other private security firms. 
The Federal Security Service, or FSB, is the main successor to the KGB — once headed by Russian President Vladimir Putin.
The FSB is thought to be behind the hacking group known as APT29. A more traditional, long-range intelligence agency, the FSB lurked on the DNC systems for over a year.  
The GRU, Russia’s military intelligence service, is thought to be behind the second group that infiltrated the DNC, known as APT28. APT28 is also believed to have breached Podesta’s emails.
Despite their overlapping targets, the two agencies have different missions in the cyber realm.
APT28 is thought to be the group responsible for “doxxing” the DNC and Podesta by allegedly providing the stolen missives to WikiLeaks to publish.
Both organizations gained access to the DNC through targeted spearphishing campaigns, in which the hackers tricked targeted users into clicking bogus links that either deployed malware or directed them to a fake webmail domain hosted on Russian infrastructure. 
APT28 was able to use harvested credentials to then gain access and steal content, according to the report. This likely led “to the exfiltration of information from multiple senior party members.” 
“The U.S. Government assesses that information was leaked to the press and publicly disclosed,” the report says. 
The report also states that Russian intelligence operatives continued to launch spearphishing attacks on the Democratic Party following the election, “including one launched ... just days after” the vote.
Source: thehill.com 
