A forensic analysis released Friday indicated the same Russian group that hacked the Democratic National Committee was responsible for hacking the Democratic Congressional Campaign Committee.
The group, which is formally designated as APT 28 but known more famously as “Fancy Bear,” is highly sophisticated and linked to the Russian government. “It typically does two things,” said Christopher Porter, a team manager at cybersecurity firm FireEye. “They conduct espionage against some defense targets, and information operations where they’re trying to put out a message.”
Related Story: http://www.washingtonexaminer.com/article/2594517
Porter said FireEye’s analysis confirmed the group, which occupied the DNC’s network from April until June, also occupied the network of the DCCC from June 19-27. While the the first hack was aimed at stealing information, the attack on the DCCC was geared more toward gaining leverage to breach high value targets.
“We don’t actually know what they did to [DCCC] visitors,” Porter said, though the options are limited. “They can load malware on the computers of people trying to make donations, or they can profile their computer to get a name, address and job associated with a particular computer, so if they want to target a particular person, they can… Something we’ve commonly seen Russian actors do is compromise a home computer or a personal account and try to use those passwords to get into work or official accounts.”
That access can be used to victimize others, most often through the use of “phishing” emails that appear innocuous but that include malware. Russian actors have been accused of having used the emails against several of Democratic presidential nominee Hillary Clinton’s accounts, including those associated with her campaign and one associated with her private server.
Homeland security officials warned both Clinton and Republican nominee Donald Trump earlier this year that they were being targeted by foreign governments. “We have already had some indications,” Director of National Intelligence James Clapper said at a public event in May. “I anticipate as the campaigns intensify we will probably have more of it.”
Related Story: http://www.washingtonexaminer.com/article/2591650
Reports on Friday revealed that at least one hacking campaign against Clinton’s campaign apparatus was successful. The campaign was reportedly breached by hackers of unknown origin, though it is still not clear whether “Fancy Bear” played a role in the hack. The Clinton campaign said Friday night that its internal systems had not been compromised and that the hack was of a data program that the campaign and the DNC used.
Porter said that while the hacking might represent a new problem for Americans, it was a routine experience for other Russian adversaries around the globe. “We’ve seen them masquerade as legitimate government websites in Afghanistan, Georgia, Saudi Arabia, Ukraine, [and] Hungary. That was activity happening less than a year ago,” Porter said.
“The potential for cyberthreat actors like APT28 to try influence media coverage is not new, it’s just new for the United States,” he added.
