Russia's 'Grizzly Steppe' kicked off with 'spear-phishing campaign' against DNC

News by Teri Robinson

A Russian APT began attacking the computer networks of the US Democratic National Committee with a series of spear-phishing emails in the summer of 2015, according to a US intelligence agency report.

Russia's efforts to influence the 2016 presidential election began modestly in the summer of 2015 with emails containing malware sent to at least 1000 people affiliated with the US government and political organisations, according to a 13-page joint analysis report (JAR) issued by the Department of Homeland Security (DHS) and the FBI.

The US intelligence agencies are confident that the spear-phishing campaign – dubbed “Grizzly Steppe” – was executed by the APT group affiliated with the Russian intelligence arm FSB and that it yielded access to the Democratic National Committee (DNC) systems and those of others associated with the Democrats and presidential candidate Hillary Clinton.

Bloomberg reported Kremlin spokesperson Dmitry Peskov as “categorically” disagreeing with “groundless allegations or charges against Russia”.

However, the FBI and the Department of Homeland Security in a joint statement called the effort “a decade-long campaign of cyber-enabled operations directed at the US government and its citizens”.

In their JAR, the DHS and FBI say they have evidence of a second wave of attacks in spring 2016 executed by a second group of hackers, APT 28, affiliated with Russia's GRU military intelligence division.

“This time, the spear-phishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT 28 operational infrastructure,” the report said. That enabled hackers to grab the content that was eventually leaked during the last months of the presidential campaign.

DHS released a list of IP addresses, malicious code and other digital forensic evidence to support its claims of Russian meddling.

The report was unveiled as President Obama imposed sanctions against Russia for its interference. Sanctions included the ouster of nearly three dozen Russian diplomats based in the US and closure of sites in the US associated with Russian intelligence gathering.

The DHS and FBI said the hackers successfully “set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organisations, establish command and control nodes, and harvest credentials and other valuable information from their targets.”

The report, DHS and the FBI said, “provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the US government”.

But Peskov called the sanctions “unfortunately a manifestation of an unpredictable and you could even say aggressive policy” by the Obama administration.

Obama had promised retaliation against Russia and has asked the intelligence community to conduct a thorough review of the country's interference in the election before he leaves office on 20 January.

This first round of sanctions drew both support and criticism from lawmakers. “While these sanctions took too long to be put into place, they are an important step in showing Russia and other adversaries that we will not allow these kinds of attacks to go unanswered,” said Rep. Will Hurd (R-Texas). “There is more we can do to keep American organisations and agencies safe from these cyber-attacks and I will continue to work with my colleagues in Congress and the new administration to ensure that our cyber domain is fortified.”

Meanwhile, president-elect Donald Trump dismissed the claims, saying it was time to move on to bigger and better things.
