As part of the Obama administration’s Great Revenge against Russia over the latter’s meddling in the US presidential election, the Department of Homeland Security and the Federal Bureau of Investigation on Dec. 29 released a joint report (pdf)—code-named “Grizzly Steppe”—that includes newly declassified information on how Russian intelligence services go about their cyber crimes.
The report confirms that two Russian “espionage groups” were involved in hacking the emails of the Democratic National Committee—the first in summer 2015, and the second in spring 2016. They’re known as Advanced Persistent Threat (APT) 29 and 28, respectively.
But a Russian intelligence service by any other name would smell just as fishy. The report also included 45 alternate monikers for APT28 and APT29, and there are some doozies:
Operation Pawn Storm
twain_64.dll (64-bit X-Agent implant)
VmUpgradeHelper.exe (X-Tunnel implant)
The rest of the report is fairly technical: The Department of Homeland Security and the FBI offer steps for identifying attacks—including specific code to detect Russian malware—and highlight resources (more pdfs) on things like “SQL injection” and “cross-site scripting (XSS) vulnerabilities.” The report also outlines cybersecurity best practices that include establishing an “incident response plan” and ensuring all employees are trained on it.
US president-elect Donald Trump may still be ignoring the conclusions of 17 American intelligence agencies when it comes to Russian hacking, but he does have at least one thing right: Computers complicate lives very greatly. Very greatly indeed.