Exposure of the Democratic National Committee (DNC) communications was likely enabled by the Russian state-sponsored groups APT 28 and APT 29. The signs pointing to Russian attribution were seen on several levels:
- Similar hacking tactics: the attackers set up the typosquatted domain misdepatrment[.]com and pointed it at an IP address they had used in previous breaches, among other overlaps.
- Russian-language and cultural metadata in the leaked files that the hackers opened and/or modified.
- The persona Guccifer 2.0, who claims to be behind the hack, says he is Romanian, but was unable to hold a conversation in that language and used an IP address provided by a Russian VPN service.
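The typosquatted-domain indicator above is something defenders can check for routinely. The following is an added example, not code from the report or from Wapack Labs: it refangs a defanged indicator such as misdepatrment[.]com and scores it against a watchlist of domains an organisation legitimately uses, flagging names within a small edit distance. The watchlist entries and the observed-domain list are constructed for illustration and are assumptions, not data from the report.

```python
# Added example (not from the report): flag lookalike domains against a
# watchlist using Levenshtein edit distance. Watchlist entries are assumed
# for illustration; "misdepartment.com" is treated here as a protected domain.
from typing import Dict, List, Tuple

PROTECTED_DOMAINS: List[str] = [
    "misdepartment.com",     # assumed legitimate domain (illustrative)
    "example-campaign.org",  # constructed placeholder
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator like 'misdepatrment[.]com' back into a hostname."""
    return indicator.replace("[.]", ".").replace("(.)", ".").strip().lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete or substitute one character per step."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,          # delete ca
                           cur[j - 1] + 1,       # insert cb
                           prev[j - 1] + cost))  # substitute (or match)
        prev = cur
    return prev[-1]


def lookalike_matches(domain: str,
                      protected: List[str] = PROTECTED_DOMAINS,
                      max_distance: int = 2) -> List[Tuple[str, int]]:
    """Return (protected_domain, distance) pairs within max_distance.

    Exact matches (distance 0) are the legitimate domain itself and are skipped;
    only near-misses, the typosquat pattern, are reported.
    """
    host = refang(domain)
    hits = [(p, levenshtein(host, p)) for p in protected]
    return sorted([(p, d) for p, d in hits if 0 < d <= max_distance],
                  key=lambda h: h[1])


def scan_domains(observed: List[str]) -> Dict[str, List[Tuple[str, int]]]:
    """Scan a batch of observed domains (e.g. from DNS or proxy logs) and
    return only those that resemble a protected domain."""
    result: Dict[str, List[Tuple[str, int]]] = {}
    for dom in observed:
        matches = lookalike_matches(dom)
        if matches:
            result[dom] = matches
    return result


if __name__ == "__main__":
    # Constructed sample input: one defanged typosquat, the real domain, one unrelated name.
    sample = ["misdepatrment[.]com", "misdepartment.com", "unrelated-news.net"]
    for dom, matches in scan_domains(sample).items():
        print(f"{dom} resembles {matches}")
```

A distance threshold of 2 catches transpositions and single-character swaps or drops; raising it increases recall but also false positives on short domains, so in practice the threshold is usually paired with a minimum domain length or a check that the suspicious name was newly registered.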
There are at least two major reasons why Russia may want to use cyber operations against Hillary Clinton's campaign:
- It is vital to Russian government propaganda to show that the political process is rigged not only in Russia but also in democratic countries like the US.
- Russia hopes for a better relationship under a Donald Trump presidency, as it suffers from economic sanctions and from military and diplomatic resistance, especially to its occupation of Ukrainian regions.
So it is likely that more cyber attacks on the election process will follow: more materials may be exposed (DNC, DCCC, Clinton's private server); DDoS attacks similar to those that caused trouble during elections in Ukraine and Bulgaria could be used; and Russian English-language media (RT, Sputnik) and fake social media accounts could be used to run psychological operations and spread propaganda. Unlikely but highly devastating possibilities are the use of cyber means to tamper with voting machines or voter records, or to target and intimidate campaign workers or donors with spoofed messages and similar aggressive tactics.
Publication date: 29 July 2016; information cutoff date: 29 June 2016
Handling Requirements: Traffic Light Protocol (TLP) GREEN
Attribution/Threat Actors: Russian state-sponsored groups APT 28 and APT 29.
Actor Type: Adversary capabilities have been assessed as Tier VI. States with the ability to successfully execute full spectrum (cyber capabilities in combination with all of their military and intelligence capabilities) operations to achieve a specific outcome in political, military, economic, etc. domains and apply at scale.
Previous Reporting: “Risk Assessment: US Presidential Election Cyber Threat Landscape”
Industries Targeted: Political
This material was published in its entirety to the Financial Services ISAC and Red Sky Alliance portal on July 29, 2016. For more information, contact Wapack Labs at 844-4-WAPACK.