Two major federal agencies have issued a bombshell joint report showing the proof that the Russian Federation meddled in the general election.
The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) accused two Russian intelligence services (referred to as “RIS” in the report) in the “Grizzly Steppe” report issued on December 29th of hacking into the Democratic National Committee’s digital infrastructure in the summer of 2015, and again in the spring of 2016. For the sake of brevity, the agencies identified the hackers as Advanced Persistent Threat (APT) 28 and 29.
The report confirmed that the contents of Clinton campaign chairman John Podesta’s email account were obtained via a tactic known as “spearphishing,” in which malicious code is sent to thousands of different recipients in the hope that some of them will click, thereby granting a hacker access to sensitive information contained within an email account.
Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value.
After outlining how the two RIS compromised email systems, the report outlined numerous steps that government agencies and corporations can take to safeguard against future spearphishing attacks, such as implementing policies that require a different password for each device used by officials, reducing privileges to only what a user needs to do his or her job, and verifying all administrator credentials regularly, among other policies.
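The two tactics attributed to APT28 above, lookalike domains that mimic a target organization and shortened URLs in phishing mail, are both things a mail gateway can screen for before a message reaches an inbox. The script below is an added illustration of that kind of check and is not code from the Grizzly Steppe report or from either agency. The protected domains, the shortener list, the helper names (classify_link, triage_links) and the sample links are all constructed for the example; a production filter would additionally expand shortened links in a sandbox and use a real public-suffix list rather than the naive two-label domain split used here.

```python
"""Flag spearphishing-style links: lookalike domains and shortened URLs.

Added example, not from the Grizzly Steppe report. Domains, shortener
list, function names and sample URLs are constructed for illustration.
"""
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumption: the organization's own registrable domains (constructed placeholders).
PROTECTED_DOMAINS = {"campaign-example.org", "mail-example.net"}

# Public URL shorteners. The report notes APT28 relied heavily on shortened
# links, so any shortened link in mail is held until it is expanded and inspected.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (naive: no public-suffix list, by design)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> Optional[str]:
    """Return a reason string if the link looks suspicious, else None."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unparseable host"
    reg = registrable_domain(host)
    if reg in URL_SHORTENERS:
        return f"shortened URL via {reg}"
    if reg in PROTECTED_DOMAINS:
        return None  # genuinely one of ours
    for good in PROTECTED_DOMAINS:
        # Our brand used as a subdomain of a foreign domain, e.g.
        # campaign-example.org.secure-login.test
        if host.startswith(good + ".") or ("." + good + ".") in ("." + host):
            return f"protected name '{good}' embedded in foreign domain {reg}"
        # Near-miss spelling of the registrable domain (typosquat)
        if edit_distance(reg, good) <= 2:
            return f"lookalike of '{good}': {reg}"
    return None


def triage_links(urls: List[str]) -> List[Tuple[str, str]]:
    """Return [(url, reason)] for every link that should be held for review."""
    flagged = []
    for url in urls:
        reason = classify_link(url)
        if reason:
            flagged.append((url, reason))
    return flagged


# Constructed sample links, as might be extracted from a batch of inbound mail.
SAMPLE_LINKS = [
    "https://mail.campaign-example.org/reset",           # legitimate
    "https://campaign-exarnple.org/reset",               # "rn" standing in for "m"
    "http://campaign-example.org.secure-login.test/",    # brand as a subdomain
    "https://bit.ly/3abc123",                            # shortened link
    "https://news.example.com/story",                    # unrelated, allowed
]

if __name__ == "__main__":
    for url, reason in triage_links(SAMPLE_LINKS):
        print(f"HOLD  {url}  ({reason})")
```

Run as-is, the script holds three of the five sample links: the typosquat, the brand-as-subdomain host, and the shortened URL. The edit-distance threshold of 2 is deliberately tight; raising it catches more lookalikes but also starts flagging unrelated short domains, so it is worth tuning against your own mail volume.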
The report appears to confirm reports from earlier this month that John Podesta’s email account was compromised after an aide referred to an email containing a suspicious link as “legitimate,” rather than “illegitimate,” which she meant to type instead. Presumably, the aide’s blessing of the link was what made Podesta click it, subjecting his email to Russian intelligence agencies who then obtained access to the tens of thousands of emails in his personal account.
Zach Cartwright is an activist and author from Richmond, Virginia. He enjoys writing about politics, government, and the media. Send him an email at [email protected], and follow his work on the Public Banking Institute blog.