Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU.
Mueller formally blamed Unit 26165, a division of the GRU specializing in targeting government and political organizations, for taking on the “primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign,” said the Mueller report. The operatives, known collectively as “Fancy Bear,” comprised several units tasked with specific operations. By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuing weeks, and more than 30 computers on the DNC. Using credentials they stole along the way, the hackers broke into the networks of the Democratic Congressional Campaign Committee days later. The GRU hackers also gained access to the email account of John Podesta, Clinton’s campaign chairman, of which its contents were later published. The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems. But new details in the 488-page redacted report released by the Justice Department on Thursday offered new insight into how the GRU operatives hacked.
0 kommentar(er)
