United States reveals details of Russian cyber attacks


The United States is waging a war against Russian cyber attacks. After expelling Moscow’s diplomats, the Obama Administration decided to publish a report detailing the names of the different groups of hackers and their methods. EURACTIV’s partner Ouest France reports.

The FBI and the US Department of Homeland Security have published details of the operation, codenamed Grizzly Steppe, allegedly carried out by the Russian secret services to influence or disrupt last year’s American presidential election.

Besides expelling 35 Russian diplomats from Washington and San Francisco, announced on Thursday (29 December), and closing two Russian compounds in New York and Maryland, President Obama also set a new precedent by approving the publication of the security services’ 13-page report.

The report details how the US believes cyber attacks against the Democratic Party and Hillary Clinton’s campaign director, John Podesta, were carried out.

According to the conclusions of several private companies specialising in cybercrime, such as CrowdStrike and ThreatConnect, the groups of hackers involved used the classic method of spearphishing, a targeted form of email phishing.

“The spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 (a group of Russian hackers) operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content,” the report stated.

[Figure: diagram from the US Department of Homeland Security detailing how the Russian cyber attacks worked. Caption: APT28’s Use of Spearphishing and Stolen Credentials. [NCCIC/FBI]]

Who are these hackers? The report contained a list of internet (IP) addresses and files, malware and other electronic “signatures” used by the Russian hackers.

According to one American civil servant quoted by the New York Times, this publication was designed to “embarrass the Russian government by revealing its tactics, techniques and procedures to the public at large”. That is, to internet users around the world.

But Moscow has denied any connection to the groups of hackers targeted by the report.

The group Advanced Persistent Threat 28, or APT28, also known under the alias Fancy Bear, has been active since 2008. According to the American security services, the group is directly linked to the GRU, Russia’s military intelligence service. It is suspected of being behind attacks on the World Anti-Doping Agency, France’s international television channel TV5 Monde in 2015 and the seat of the OSCE in Vienna on 28 December.

Another group, APT29, also known as Cozy Bear, was linked to the FSB, the main successor to the KGB. And finally, the report claimed that Guccifer 2.0, who claimed to be a Romanian hacker and carried out the attack on the Democratic Party, was in fact a front for a partnership of the two Russian hacker groups.
