INTEL REPORT: HOW RUSSIA HACKED US ELECTION
WASHINGTON — Russian intelligence agencies over the last two years blanketed Democratic Party targets with malicious e-mails and have likely continued such efforts after November’s elections, a US federal law enforcement report showed on Thursday.
The report’s release coincided with an array of measures unveiled by Washington as retribution for what American officials have described as Moscow’s malicious efforts to tip the vote in favor of President-elect Donald Trump by stealing embarrassing information from Democratic Party operations and senior party members before releasing it to the news media.
Hackers’ route traced
The report, produced jointly by the Federal Bureau of Investigation and the Department of Homeland Security (DHS), traces the routes allegedly taken by hackers to infiltrate party operations, using targeted campaigns of “spearphishing,” or fraudulent e-mails designed to cause the recipients to reveal passwords and other information, and then stealing large volumes of e-mail.
US officials refer to the Russian hacking efforts collectively as “Grizzly Steppe,” it said.
Much of the information provided in the report is not new, a source familiar with the matter said, reflecting the difficulty of publicly attributing cyberattacks without revealing classified sources and methods used by the government.
The report corroborated or matched much of what had already been revealed by news media, which pointed to broad-based hacking by outfits such as APT 28 (APT stands for “advanced persistent threat”), tied to the Russian military intelligence body known as GRU, and APT 29, which may be associated with the FSB, or Russian federal security service.
“This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the US government and its citizens,” the DHS and FBI said in a joint statement with the Office of the Director of National Intelligence, which oversees the sprawling US intelligence community.
Evidence
US intelligence officials in October formally accused Russia of responsibility for the hacking but have since reportedly been at pains to provide evidence without compromising their own intelligence collection.
The report contained technical specifications and IP addresses that the authors said network administrators could use to identify malicious activity as well as a set of recommendations for hardening networks against attack.
According to the report, in mid-2015 APT 29 used legitimate internet domains from US educational institutions and other organizations to host malware and send spearphishing e-mails to more than 1,000 accounts, including some belonging to US officials, successfully stealing e-mail in bulk from several accounts.
In the spring of 2016, APT 28 also attacked, tricking victims into changing their e-mails on a fake website hosted by APT 28.