There been several reports and assessments into the cyber-attacks and the hacking of the Presidential Election and Presidential Campaign of 2016 in the United States. This has been either criss-crossed or been over-looked. Certainly these has either addressed certain maladministration or lacking security defence of the Democratic Party. United States has been attacked and this hacking has been used to spread information on certain individuals and their parties when public opinion has mattered. Not all of the reports has shed much light on the matter, still the values of them all kind spread the value of the hacked documents.
Therefore the newly released report of another vision of the ‘Grizzly Steppe’ the Russian hacking on American soil and American computers proves the problematic situation, as this reports shed more light on the issue of the meddling of foreign powers into the recent election.
“JAR-16-20296 provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. JAR-16-20296 remains a useful resource for understanding APT28 and APT29 use of the cyber kill chain and exploit targets. Additionally, JAR-16-20296 discusses some of the differences in activity between APT28 and APT29. This AR primarily focuses on APT28 and APT29 activity from 2015 through 2016” (DHS, P: 2, 2017).
This has already said more than others, where the levels of intelligence and the traits of a single system connected to RIS where there, also the period of activity. Also, with the proof of yet another method that we non-computer technicians haven’t heard about:
“GRIZZLY STEPPE actors use various reconnaissance methods to determine the best attack vector for compromising their targets. These methods include network vulnerability scanning, credential harvesting, and using “doppelganger” (also known as “typo-squatting”) domains to target victim organizations. The doppelganger domains can be used for reconnaissance when users incorrectly type in the web address in a browser or as part of delivery as a URL in the body of a phishing emails. DHS recommends that network defenders review and monitor their networks for traffic to sites that look similar to their own domains. This can be an indicator of compromise that should trigger further research to determine whether a breach has occurred. Often, these doppelganger sites are registered to suspicious IP addresses” (DHS, P: 4, 2017).
“GRIZZLY STEPPE actors have excelled at embedding malicious code into a number of file types as part of their weaponization efforts. In 2014, it was reported that GRIZZLY STEPPE actors were wrapping legitimate executable files with malware (named “OnionDuke”) to increase the chance of bypassing security controls. Since weaponization actions occur within the adversary space, there is little that can be detected by security analysts during this phase. APT28 and APT29 weaponization methods have included:
Code injects in websites as watering hole attacks
Malicious macros in Microsoft Office files
Malicious Rich Text Format (RTF) files with embedded malicious flash code” (DHS, P: 5 ,2017).
So these reports are yet another step into the unravelling of the hacking that has occurred and the TLP White Report from the Department of Homeland Security. This report has showed a little bit more and especially more technical features that are hard to describe in words. Still, this one is the most proving one of the ones delivered.
This report also added technics of ways of hacking computers that can and shows the intelligent ways the RIS and their computer hackers. However, this was more technical so therefore I cannot digest it all, which needs to be done by computer technicians. So my estimation on the value of this one is certainly that the DHS tries to prove the actual acts and not only assess it. Therefore this gives the feeling of proof and the validity of these acts. Peace.
Department of Homeland Security (DHS) – ‘Enhanced Analysis of GRIZZLY STEPPE Activity’ (10.02.2017)