Russian intelligence group aliases sound like bad WiFi network names

Old SOURFACE.
Image: REUTERS/Mikhail Klimentyev/RIA Novosti/Kremlin

As part of the Obama administration’s Great Revenge against Russia over the latter’s meddling in the US presidential election, the Department of Homeland Security and the Federal Bureau of Investigation on Dec. 29 released a joint report (pdf)—code-name “Grizzly Steppe”—that includes newly declassified information on how Russian intelligence services go about their cyber crimes.

The report confirms that two Russian “espionage groups” were involved in hacking the emails of the Democratic National Committee—the first in summer 2015, and the second in spring 2016. They’re known as Advanced Persistent Threat (APT) 29 and 28, respectively.

But a Russian intelligence service by any other name would smell just as fishy. The report also included 45 alternate monikers for APT28 and APT29, and there are some doozies:

Agent.btz
BlackEnergy V3
BlackEnergy2 APT
CakeDuke
Carberp
CHOPSTICK
CloudDuke
CORESHELL
CosmicDuke
COZYBEAR
COZYCAR
COZYDUKE
CrouchingYeti
DIONIS
Dragonfly
Energetic Bear
EVILTOSS
Fancy Bear
GeminiDuke
GREY CLOUD
HammerDuke
HAMMERTOSS
Havex
MiniDionis
MiniDuke
OLDBAIT
OnionDuke
Operation Pawn Storm
PinchDuke
Powershell backdoor
Quedagh
Sandworm
SEADADDY
Seaduke
SEDKIT
SEDNIT
Skipper
Sofacy
SOURFACE
SYNful Knock
Tiny Baron
Tsar Team
twain_64.dll (64-bit X-Agent implant)
VmUpgradeHelper.exe (X-Tunnel implant)
Waterbug X-Agent

The rest of the report is fairly technical: The Department of Homeland Security and the FBI offer steps for identifying attacks—including specific code to detect Russian malware—and highlight resources (more pdfs) on things like “SQL injection” and “cross-site scripting (XSS) vulnerabilities.” The report also outlines cybersecurity best practices that include establishing an “incident response plan” and ensuring all employees are trained on it.

US president-elect Donald Trump may still be ignoring the conclusions of 17 American intelligence agencies when it comes to Russian hacking, but he does have at least one thing right: Computers complicate lives very greatly. Very greatly indeed.