The Federal Bureau of Investigation and the Department of Homeland Security released a joint report on Thursday detailing how federal investigators linked the Russian government to hacks of Democratic Party organizations.
The report makes clear references to the hacks of the Democratic National Committee and Hillary Clinton campaign chair John Podesta without specifically naming them. It also provides technical details regarding tools and infrastructure used by Russian civilian and military intelligence services to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”
The 13-page report, known as a “Joint Analysis Report” or JAR, refers to the Russian hacking campaign as “Grizzly Steppe.” It is part of a series of measures imposed by the Obama administration against Russia on Thursday in response to the hacks, and expands on a joint statement issued by the two agencies in October, when they formally attributed the attacks to Russia.
At that time, the agencies described the hacks and subsequent release of the stolen data by WikiLeaks as an attempt to “interfere” with the U.S. election that is “consistent with the Russian-directed efforts,” but provided no evidence to support their assessment.
Private security firms provided more detailed forensic analysis, which the FBI and DHS said Thursday correlated with the Intelligence Community’s (IC’s) findings. “The joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response,” says the statement.
The report names two Russian intelligence groups that have already been named by CrowdStrike and other private security firms. The FSB, the main successor to the KGB, once headed by Russian President Vladimir Putin, is thought to be behind the hacking group known as APT29. A more traditional, long-range intelligence agency, the FSB lurked on the DNC systems for over a year.
The organizations gained access to the DNC through targeted spearphishing campaigns, in which the hackers tricked targeted users into clicking bogus links that either deployed malware or directed them to a fake webmail domain hosted by Russia. APT28 was able to use harvested credentials to then gain access and steal content, according to the report. This likely led “to the exfiltration of information from multiple senior party members.”
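The access path described above (a lure link that leads to a fake webmail domain, followed by reuse of the harvested credentials) is what mail-gateway and security-operations teams typically screen for before a message reaches a user. The following is an added defensive example, not code from the JAR or from any of the firms the article mentions: it pulls the links out of an email body and flags those whose visible text advertises a trusted webmail host while the href goes elsewhere, whose registered domain is a near miss of a trusted one, or that embed a trusted brand label inside an untrusted host. The trusted-host list, the edit-distance threshold of 2, the two-label approximation of a registered domain and the sample email are all constructed assumptions for the example.

```python
"""Flag links in an email body that point at lookalike or mismatched webmail hosts.

Added example (not from the JAR or the article). The trusted host list, the sample
email and the thresholds below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts at which users legitimately enter webmail credentials (constructed list).
TRUSTED_WEBMAIL_HOSTS = {"mail.google.com", "accounts.google.com", "outlook.office.com"}


def registered_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. accounts.google.com -> google.com.
    Simplification (assumption): a real deployment would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typo-squatted domains such as g00gle.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href: str, text: str) -> list:
    """Return the reasons a link looks like a credential-harvesting lure (empty if none)."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    if not host or host in TRUSTED_WEBMAIL_HOSTS:
        return reasons  # no host to judge, or a genuine webmail link
    trusted_domains = {registered_domain(h) for h in TRUSTED_WEBMAIL_HOSTS}
    dom = registered_domain(host)
    # 1. Visible text advertises a trusted host but the href goes elsewhere.
    if any(t in text.lower() for t in TRUSTED_WEBMAIL_HOSTS):
        reasons.append("display text names a trusted webmail host but href does not")
    # 2. Registered domain is a near miss of a trusted one (typo-squat / lookalike).
    for t in trusted_domains:
        if dom != t and levenshtein(dom, t) <= 2:
            reasons.append(f"lookalike of {t}: {dom}")
    # 3. A trusted brand label sits inside an untrusted host (e.g. accounts-google.example).
    brand_labels = {t.split(".")[0] for t in trusted_domains}
    for label in host.replace("-", ".").split("."):
        if label in brand_labels and dom not in trusted_domains:
            reasons.append(f"brand label '{label}' in untrusted host {host}")
            break
    return reasons


def scan_email_html(html: str) -> list:
    """Return one record per suspicious link: href, visible text and the reasons."""
    parser = _LinkExtractor()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        reasons = classify_link(href, text)
        if reasons:
            hits.append({"href": href, "text": text, "reasons": reasons})
    return hits


# Constructed sample email body; not a real campaign artefact.
SAMPLE_EMAIL = """
<p>Your password will expire. <a href="http://accounts-google.example/signin">https://accounts.google.com/signin</a></p>
<p>Or sign in at <a href="https://g00gle.com/login">our secure portal</a>.</p>
<p>Legitimate: <a href="https://accounts.google.com/signin">Google sign-in</a></p>
"""

if __name__ == "__main__":
    for hit in scan_email_html(SAMPLE_EMAIL):
        print(hit)
```

On the constructed sample the first two links are flagged (text/href mismatch plus an embedded brand label for the first, a two-character lookalike for the second) and the genuine sign-in link is not. The checks are deliberately conservative heuristics meant to feed a review queue or a mail-gateway rule; the registered-domain shortcut in particular would need the public suffix list before use on real traffic.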
“The U.S. Government assesses that information was leaked to the press and publicly disclosed,” the report says.