Russian hacking report released by FBI and DHS as Obama imposes new sanctions on Moscow
The report discusses two separate hackings by Russian actors in the summer of 2015 and spring of 2016.
The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) have released a declassified report on Russia's alleged hacking of the US election.
The report, made public on Thursday (29 December), follows President Obama's expulsion of 35 Russian operatives and the closure of two compounds in response to the cyber attacks.
The report confirmed that two different Russian civilian and military intelligence services (RIS) "participated in the intrusion into a US political party". The document clearly references the Democratic National Committee (DNC) and Hillary Clinton's campaign chairman John Podesta, who were both hacked during the campaign, but does not name them specifically.
The first actor, referred to as Advanced Persistent Threat (APT) 29, hacked into the party's systems in summer 2015 and the second, known as APT28, gained unauthorised access in spring 2016.
According to the report, an APT29 spearphishing campaign delivered emails containing a malicious link to more than 1,000 recipients. The report found that at least one targeted recipient activated links to malware.
The government now refers to the suspected Russian activities under the codename "Grizzly Steppe".
APT29 delivered malware to the party's systems that "established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure," the document states.
What is targeted spearphishing?
Cybercriminals use spearphishing campaigns to send extremely targeted emails that appear to be from legitimate sources. In reality, these emails contain malware or viruses that will download onto a recipient's computer and, in many instances, give hackers access to their systems.
The APT28 campaign tricked targeted individuals into changing their passwords through a fake website domain hosted on APT28 operational infrastructure - a method known as targeted spearphishing.
The report revealed the hackers then used the new passwords to gain access and steal content from multiple senior party members.
The US government concluded that information was leaked to the press and publicly disclosed. However, the findings did not reference WikiLeaks or Guccifer 2.0 - two outlets intelligence officials previously claimed were linked to the election-based leaks.
"This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the US Government and its citizens," the FBI, DHS and ODNI said in a joint statement.
It continued: "In other countries, Russian intelligence services have also undertaken damaging and disruptive cyberattacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause the victim to misattribute the source of the attack."
The report also claimed that actors "likely associated" with RIS continue to conduct spearphishing campaigns, including one only days after the US election.
The US intelligence community formally attributed the cyberattacks to Russia but did not provide solid evidence. Numerous cybersecurity firms, however, have released detailed analysis linking the hacking activity to various Kremlin-linked groups.
President-elect Donald Trump has continued to deny Russia's involvement and blamed computers for the confusion, despite members of his own party calling for action against Moscow and Russian President Vladimir Putin.
Read the complete 13-page report below: