Posted: 1:32 pm PT
Related to the declaration of 35 Russian officials persona non grata for malicious cyber activity and harassment (see USG Declares 35 Russian Officials Persona Non Grata, Imposes New Sanctions), DHS and FBI also released a Joint Analysis Report (JAR) that provides details of the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities. Below, via us-cert.gov, is an excerpt from the JAR, GRIZZLY STEPPE – Russian Malicious Cyber Activity. Click on the image below to read the full Joint Analysis Report from DHS/FBI: JAR_16-20296. The original document is posted here.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.