Russian Cyber Attack: The Rules of Cyber Warfare & Grizzly Steppe Report
Russian Cyber Attack - Strategic Studies Institute
Russian Cyber Activity
Table of Contents
Summary
Description
Technical Details
Injection Flaws
Cross-site scripting (XSS) vulnerabilities
Server vulnerabilities
Recommended Mitigations
Detailed Mitigation Strategies
Contact Information
Feedback
Summary
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.
Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.
Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government. The USIC and the Department of Homeland Security (DHS) assess that it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion. This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process.
Nevertheless, DHS continues to urge state and local election officials to be vigilant and seek cybersecurity assistance from DHS. A number of states have already done so. DHS is providing several services to state and local election officials to assist in their cybersecurity. These services include cyber hygiene scans of Internet-facing systems, risk and vulnerability assessments, information sharing about cyber incidents, and best practices for securing voter registration databases and addressing potential cyber threats. DHS has convened an Election Infrastructure Cybersecurity Working Group with experts across all levels of government to raise awareness of cybersecurity risks potentially affecting election infrastructure and the elections process. Secretary Johnson and DHS officials are working directly with the National Association of Secretaries of State to offer assistance, share information, and provide additional resources to state and local officials.
This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.
Description
The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
Figure 1: The tactics and techniques used by APT29 and APT28 to conduct cyber intrusions against target systems
Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.
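The two link traits described above (shortened URLs and domains that closely mimic the target's own) can be screened for in inbound mail. The following is an added example, not part of the report: the protected domain, the shortener list, the homoglyph map and the sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration; none of them come from the report.
PROTECTED = ["example.org"]                       # domains the organization owns
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message body.
SAMPLE = """Your mailbox is almost full. Sign in at https://examp1e.org/owa to keep access.
Shared document: http://bit.ly/2xConstructed
Policy reference: https://www.example.org/policy
Mirror: https://example.org.account-check.test/login
Newsletter: https://news.example.net/today
"""

def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'shortener', 'lookalike', or None for a hostname."""
    host = host.lower().rstrip(".")
    if host in SHORTENERS:
        return "shortener"
    if any(host == d or host.endswith("." + d) for d in PROTECTED):
        return None                               # the real domain or a subdomain of it
    folded = host.translate(HOMOGLYPHS)           # undo digit-for-letter swaps
    for d in PROTECTED:
        # Near-miss spelling, or the real name used as a prefix of another domain.
        if edit_distance(folded, d) <= 2 or (d + ".") in folded:
            return "lookalike"
    return None

def scan_email(body):
    """Return (url, reason) for every link worth an analyst's attention."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        reason = classify_host(host) if host else None
        if reason:
            findings.append((url, reason))
    return findings
```

A shortener hit is only a triage signal, since the destination is hidden until the link is expanded in a sandbox or by the mail gateway; the edit-distance threshold of 2 should be tuned against the organization's own short or similar legitimate domains.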
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used