Published: Sat, December 24, 2016
Hi-Tech | By Merle Christensen

DNC breach further linked to Russian Federation through Ukrainian artillery hack

This connection increases the likelihood that the hackers - dubbed Fancy Bear by cybersecurity firm CrowdStrike - are a unit working for Russia's military intelligence agency, the GRU.

As the conflict in eastern Ukraine evolved towards a military engagement, somewhere along the way, Fancy Bear operators took a copy of this app, injected it with their malware, and spread it online by posting links to the infected version on various Ukrainian military forums.

That is the claim of CrowdStrike co-founder Dmitri Alperovitch, who has linked the malware found on the Android smartphones of Ukrainian military personnel with the same "Fancy Bear" group of hackers that, he claims, were behind attacks on the US Democratic National Committee.

Sherstuk's app has never been distributed through Google Play, meaning its users likely installed it manually after obtaining it from various sources.

"Also known as Sofacy, X-Agent has been tracked by the security community for nearly a decade. CrowdStrike associates the use of X-Agent with an actor we call Fancy Bear", he added. There is no evidence the application was made available in the Android app store, limiting its distribution, the firm said.

A tool such as this has the potential ability to map out a unit's composition and hierarchy, determine their plans, and even triangulate their approximate location. "This type of strategic analysis can enable the identification of zones in which troops are operating and help prioritize assets within those zones for future targeting".

CrowdStrike, which the DNC hired to investigate and remediate the breach, found a variant of the "X-Agent" malware infecting targeted software used by Ukrainian weapon systems in that nation's conflict against Russian separatists. "The source code to this malware has not been observed in the public domain and appears to have been developed uniquely by Fancy Bear", CrowdStrike said.

This further confirms reports from United States intelligence agencies on Russia's involvement in the US presidential election, experts say. On his Facebook page, he commented about the CrowdStrike report, saying it was "delusional and written for amateurs..." While it was initially discovered in a battlefield environment, an adversary could also leverage it in attacks against non-military targets. With mobile devices used in civilian and military organizations, this technique could very possibly be deployed in political, government, and other sectors in the near future. Most conspicuous is that Ukraine lost 80% of its arsenal of D-30 Howitzer guns.
