Malware Used In DNC Breach Found Tracking Ukraine Military

lecter

Vladimir bless!

A good read, opposite to CNN etc
If you're completely out of the loop, I tried to explain the basic picture of the connection between Russian intelligence agencies and advanced persistent threats in another thread. Fancy Bear would be such a group and is one of the two groups which were more or less found responsible for the DNC breach.

I'm a hardcore hater of the Democrats and I think it's pathetic how the media spins together a 'hacked by the Russians' narrative that, if you only read the headlines or Democrats' comments on the issue, often makes it sound as if Russians hacked voting machines and gave some votes to Trump.

But as a professional security engineer, my honest opinion is that I don't doubt that they were able to link the DNC hack to some 'Russian group'.

Some of the independent companies are highly respected, and if they come to the same conclusion as intelligence agencies and law enforcement agencies, I just don't see a rational argument why I wouldn't believe them. Of course, you probably can 'buy' anybody, but the risks would be higher than the rewards.
It's just important to look at it from the right angle and understand what they do or don't know.
The attacks were linked to so-called "advanced persistent threats" located in Russia, organized groups capable of professional and targeted attacks at high-priority targets, and those specific groups involved in the DNC hack are typically "associated" with Russian intelligence agencies, which means they are 'likely' sponsored and called into action by Russian agencies.
Those are conclusions based on strong technical indicators, their modus operandi, their targets, their capabilities etc.
But that's still not like in a movie where they find an IP address in the logs, enter it in some search engine and say "Oh, it's the Kremlin" or "we identified Victor Gorchow, he works for the KGB!". It's also not necessarily a fact that every advanced persistent threat works exclusively for a specific intelligence agency. So I don't doubt their findings linking (I believe two of) those groups to the DNC breach, but that's just not the same as what most people have in mind when they read or write "the Russians hacked our election!"
I should add that I'm not a penetration tester but audit software, and that I didn't actually spend a lot of time reading through the facts, but I feel a lot of people just miss any perspective on what we're even talking about with those Russian hacks.

Now their signature was found on compromised devices of Ukraine's military.
http://www.darkreading.com/threat-i...und-tracking-ukraine-military/d/d-id/1327778?

A quite interesting read.
 
Put this nonsense to rest NSA. Show us the packet transfer across the fiber optic cables.

If the DNC was hacked, we know for a fact that the NSA has this info.

No need for this Sherlock Holmes type deduction.

Either the NSA has the smoking gun, and it was a hack whose origin can be traced, or they don't, and this was a leak.
 
Russia probably hacked the DNC servers. The Dark Reading article clearly suggests it. It's not like cracking email servers is that difficult, and the DNC servers are better protected just because they belong to the DNC. A simple phishing attack would have been enough to get the foothold needed to access those servers.

Let me play devil's advocate for a second: once malware has been released, it's not like a bomb. Bombs explode, and you can't use them again. Malware is like a spear. If someone throws it at you, you have it, and you can throw it at whoever you want. Anyone infected with Russian malware designed to spy on the Ukrainian military could spread it around, using it to spy on someone else. Stuxnet, a piece of malware largely believed to have been designed by the US and Israel to destroy Iranian nuclear centrifuges, was discovered on American computers by antivirus guys. It was found in countries around the world.
 
I wonder how the media feels about Putin doing a better job of informing Americans than they do.
 
So this is based off Fancy Bear APT's signature in malware that the company CrowdStrike says is part of Russia. A lot of assumptions in the cyber security world. I would think an APT would use different malware that doesn't have Snort rules defined by their own name lol
 