The FBI and the US Department of Homeland Security have released a joint report on political hacks in the US, which they attribute to Russia. President Obama announced measures against the country.
In the document, the FBI and Homeland Security identified two different groups allegedly responsible for the hacks. The two groups belong to the Russian intelligence services and are known as APT28 and APT29, among others. The FBI writes that no responsible person has been designated in previous reports. In the current case, however, there would be sufficient corroborating evidence to attribute the hacks to Russia.
The report contains a list of different designations of the two groups. These are also known as Fancy Bear and Cozy Bear, which were mentioned in connection with attacks on German political parties, among other things. Another name is Pawn Storm, who was linked by security firm Trend Micro to the hacking attempt on the MH17 research council. The long list includes other designations such as X-Agent, Sofacy, Sandworm, and BlackEnergy. Those last two names are again related to an internet attack on a Ukrainian power plant.
APT29 allegedly sent malicious links to more than 1,000 recipients, including US government officials, in a targeted phishing campaign in the summer of 2015. To run the campaign and to host malware, the group used legitimate domains, such as organizations and educational institutions. Subsequently, at least one person would have clicked on a malicious link, after which APT29 was able to ‘penetrate a political party’. Although the report does not directly name the party, it is clear that it refers to the hack on the Democratic party.
By clicking the link, the group was able to place malware on the party’s systems to gain access to the network, extend permissions, map accounts and steal data via encrypted files. connections, the report said. The second group, APT28, also engaged in targeted phishing campaigns aimed at getting victims to change their password via a fake domain of a webmail service. That way, the group was able to steal data from high-ranking party officials. The FBI writes that this information was later leaked.
In the remainder of the thirteen-page report, the organizations make suggestions about how to secure systems and how to combat phishing. The Guardian writes that security researchers are critical of the report because it is not comprehensive enough and because it was published too late.
On Thursday, President Obama announced that the US would impose sanctions on Russia as a result of the hacks. Part of the sanctions is that 35 Russian people have to leave the country. At first it appeared to be diplomats, later it turned out that they were employees of Russian intelligence services. In addition, the US closed two Russian buildings in New York and Maryland that were being used for “intelligence purposes.” According to Obama, these are the first sanctions and further measures will follow shortly.
Infographic from the published report