The Official FBI report on Russian intrusions: PD
Reference Number: JAR-16-20296
December 29, 2016
GRIZZLY STEPPE – Russian Malicious Cyber Activity
Summary
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.
This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.
Description
The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
The other 11 pages of the PDF include details and charts.