Grizzly Steppe: how the US says Russia hacked the election

Russian intelligence agencies over the last two years blanketed Democratic Party targets with malicious emails and have likely continued such efforts after November’s elections, a US federal law enforcement report showed Thursday.

The report’s release coincided with an array of measures unveiled by Washington as retribution for what American officials have described as Moscow’s malicious efforts to tip the vote in favour of President-elect Donald Trump by stealing embarrassing information from Democratic Party operations and senior party members before releasing it to the news media.

The report, produced jointly by the Federal Bureau of Investigation and Department of Homeland Security, traces the routes allegedly taken by hackers to infiltrate party operations, using targeted campaigns of “spear phishing,” or fraudulent emails designed to cause the recipients to reveal passwords and other information, and then stealing large volumes of email.

US officials refer to the Russian hacking efforts collectively as “Grizzly Steppe,” it said.

The report corroborated or matched much of what had already been revealed by news media, which pointed to broad-based hacking by outfits such as APT 28 (APT stands for “advanced persistent threat”), tied to the Russian military intelligence body known as the GRU, and APT 29, which may be associated with the FSB, or Russian federal security service.

“This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the US government and its citizens,” DHS and FBI said in a joint statement with the Office of the Director of National Intelligence, which oversees the sprawling US intelligence community.

US intelligence officials in October formally accused Russia of responsibility for the hacking but have since reportedly been at pains to provide evidence without compromising their own intelligence collection.

The report contained technical specifications and IP addresses that the authors said network administrators could use to identify malicious activity as well as a set of recommendations for hardening networks against attack.

According to the report, in mid-2015 APT 29 used legitimate internet domains from US educational institutions and other organisations to host malware and send spear phishing emails to more than 1,000 accounts, including some belonging to US officials, successfully stealing email in bulk from several accounts.

In the spring of 2016, APT 28 also attacked, tricking victims into changing their emails on a fake website hosted by APT 28.

The New York Times reported this month that APT 28 stole emails belonging to John Podesta, then the chairman of Democrat Hillary Clinton’s presidential campaign, and also penetrated computers used by the Democratic National Committee as well as the campaigning arm of Democrats in the House of Representatives.

“The US government assesses that information was leaked to the press and publicly disclosed,” Thursday’s report said.

“Actors likely associated with (Russian intelligence services) are continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the US election.”