"Grizzly Steppe" - FBI, DHS Release "Report" On Russian Hacking

As part of the "evidence" meant to substantiate the unprecedented act of expelling 35 Russian diplomats and locking down two Russian compounds without a major concurrent political or diplomatic incident, or an act of war, and which simply provides an outlet for the Democrats to justify the loss of their candidate in the US presidential election (sorry, Putin did not tell the rust belt how to vote), the Department of Homeland Security and the FBI released a 13-page "report" on the Russian action done "to compromise and exploit networks and endpoints associated with the U.S. election", i.e., hack it.

As the DHS writes, "this document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE."

Where things get awkward, however, is at the very start of the report, which is prefaced by a broad disclaimer, according to which nothing in the report is to be relied upon and everything contained in it may be completely false.

No really: "this report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this advisory or otherwise."

Which then begs the question of who provides warranties of any kind for the allegation that Russia hacked the election. The 13-page report supposedly provides technical details regarding tools and infrastructure used by Russian civilian and military intelligence services to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”

So with that useful background in mind, we present some of the more notable excerpts from the report, where we get an introduction to the alleged Russian "parties" - APT29 and APT28 - and note that nowhere in the report is it actually confirmed that these are the two alleged hackers or that they were instructed to "hack" the DHS (or the election as Obama puts it) by the Kremlin.

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.

Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.

While there is more in the report below, essentially what it does is blame several "known" Russian hacking organizations for what was simply a very unsophisticated phishing attack, one which could have been conducted by any 15-year-old in Cambodia or any other location around the globe.

The report comes as part of a slate of retaliatory measures against Russia issued Thursday by the Obama administration in response to the hacks. The Intelligence Community in October formally attributed the attacks to Russia, but provided no evidence to support its assessment. It is unclear if this report, for which the DHS "does not provide any warranties of any kind regarding" its contents, is what is supposed to pass as "proof" that Russia hacked the US election; if so, Putin will indeed be laughing all night.