FBI, DHS Report Implicates Cozy Bear, Fancy Bear In Election-Related Hacks

Published: 22/11/2024   Category: security




The US government dubs the operation GRIZZLY STEPPE in a new Joint Analysis Report, and says the malicious groups' activity continues.



In a Joint Analysis Report (JAR) released today, the Federal Bureau of Investigation and the US Department of Homeland Security officially attributed election-related attacks to two Russian state-sponsored hacking groups: APT28 (also known as Fancy Bear) and APT29 (also known as Cozy Bear). The JAR was released alongside the Obama administration's announcement of a series of sanctions against Russian officials and other organizations related to the hacking.
The FBI and DHS have given the codename GRIZZLY STEPPE to these efforts by "Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities."
The JAR, which contains indicators of compromise (IOCs) and extensive mitigation advice for security professionals, also warns that these actors' malicious behavior is ongoing.
From the JAR:
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure or opened attachments containing malware. APT29 delivered malware to the political party's systems, established persistence, escalated privileges, enumerated Active Directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
Read the full details, with technical indicators and detailed mitigation strategies, in the JAR (JAR-16-20296A), released via US-CERT.
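The APT28 intrusion quoted above ran through a fake webmail domain that tricked users into "changing" their passwords. As an added example (not code from the article or from the JAR), the Python below screens the links in an incoming message against an organization's allowlisted webmail hostnames and flags the common lookalike tricks a credential-phishing lure relies on: the brand name used as a subdomain of a foreign domain, one- or two-character typosquats, punycode labels, and a genuine hostname smuggled into the userinfo or path of a foreign URL. The allowlist, the `example-party.org` brand, the `.test` domains and the sample message are all constructed for illustration; the registrable-domain helper is a deliberate simplification that a real deployment would replace with the Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist standing in for an organization's genuine webmail
# hostnames (assumption: these are the only hosts users should ever log into).
LEGIT_WEBMAIL = {"mail.example-party.org", "webmail.example-party.org"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text):
    """Pull http(s) URLs out of an email body."""
    return URL_RE.findall(text)


def registrable_domain(host):
    """Last two DNS labels. Simplification: production code should use the
    Public Suffix List so that hosts under e.g. .co.uk are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


# Registrable domains derived from the allowlist, e.g. {"example-party.org"}.
LEGIT_DOMAINS = {registrable_domain(h) for h in LEGIT_WEBMAIL}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return the reasons a URL looks like a credential-harvesting lookalike
    of the allowlisted webmail; an empty list means nothing suspicious."""
    host = (urlparse(url).hostname or "").lower()
    if host in LEGIT_WEBMAIL:
        return []
    reasons = []
    # Genuine hostname smuggled into the userinfo or path of a foreign URL,
    # e.g. https://mail.example-party.org@evil.test/ or http://evil.test/mail.example-party.org/
    if any(legit in url.lower() for legit in LEGIT_WEBMAIL):
        reasons.append("allowlisted hostname embedded in a URL whose host is " + host)
    # Internationalized domain names can hide homoglyph lookalikes.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in host")
    rd = registrable_domain(host)
    for legit_rd in sorted(LEGIT_DOMAINS):
        brand = legit_rd.split(".")[0]
        if rd == legit_rd:
            reasons.append("unlisted subdomain of " + legit_rd)
        elif brand in host:
            # e.g. mail.example-party.org.account-verify.test
            reasons.append("brand '%s' used as a subdomain of foreign domain %s" % (brand, rd))
        elif edit_distance(rd.split(".")[0], brand) <= 2:
            reasons.append("typosquat of " + legit_rd)
    return reasons


def scan_email(text):
    """Return [(url, reasons)] for every suspicious URL in an email body."""
    findings = []
    for url in extract_urls(text):
        reasons = classify_url(url)
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample message in the style of a password-reset lure; none of
# these hosts are indicators from the JAR.
SAMPLE_EMAIL = """\
Subject: Your mailbox password expires today
Sign in at http://mail.example-party.org.account-verify.test/login to keep access,
or use the backup portal https://webmail.exampIe-party.org/reset
Need help? https://webmail.example-party.org/help
"""

if __name__ == "__main__":
    for url, reasons in scan_email(SAMPLE_EMAIL):
        print(url)
        for r in reasons:
            print("   -", r)
```

Run stand-alone, the script flags the first two links (brand-as-subdomain and a capital-I-for-l typosquat) and passes the genuine help link. A check like this belongs at the mail gateway or in the SOC's phishing triage, alongside, not instead of, matching the JAR's published indicators against proxy and DNS logs; the lookalike heuristics catch infrastructure the indicator list has never seen, while the indicator match catches the hosts it does name.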

