'CosmicDuke,' 'CrouchingYeti,' 'Energetic Bear,' 'OnionDuke,' 'Sandworm' and 'Tiny Baron'


New member
Joined
Nov 10, 2010
Messages
78,682
Tokens
[h=1]U.S. intelligence agencies point finger at Russia's 'Grizzly Steppe' operation for Democratic Party cyber attacks as they give hacking groups nicknames like 'CrouchingYeti' and 'Sandworm'[/h]
  • The FBI and Homeland Security Departments released a report on Thursday describing cyber attacks by Russian state actors
  • The 'spearphishing' exploits hit the Democratic National Committee along with universities, government agencies, corporations and other targets
  • The Obama administration leveled new sanctions against Russia on Thursday
  • President-elect Donald Trump called for America to 'move on to bigger and better things' but promised to meet with intelligence agencies next week
  • The U.S. government's pet names for the hackers include 'CosmicDuke,' 'CrouchingYeti,' 'Energetic Bear,' 'OnionDuke,' 'Sandworm' and 'Tiny Baron'
By DAVID MARTOSKO, US POLITICAL EDITOR FOR DAILYMAIL.COM
PUBLISHED: 23:13, 29 December 2016 | UPDATED: 12:06, 30 December 2016
 

The FBI and the Department of Homeland Security determined in a report released Thursday that Russian state actors were behind computer hacks this year that exposed some of the Democratic National Committee's secrets.
America's intelligence community, the report reveals, code-named the effort 'Grizzly Steppe,' and referred to specific hackers or groups of hackers by pet names including 'CosmicDuke,' 'COZYBEAR,' 'CrouchingYeti,' 'Energetic Bear,' 'Fancy Bear,' 'OnionDuke,' 'Sandworm,' 'SOURFACE' and 'Tiny Baron.'
The report was released as the Obama administration and Moscow traded barbs over a raft of new White House sanctions against Russian government actors the White House says are tied to election-year computer hacking in the U.S.
President-elect Donald Trump said in a statement late Thursday that 'It's time for our country to move on to bigger and better things.'
'Nevertheless, in the interest of our country and its great people, I will meet with leaders of the intelligence community next week in order to be updated on the facts of this situation.'





President Barack Obama's intelligence agencies released a report Thursday that seemed to back his decision to level new sanctions against Russia, while President-elect Donald Trump called for America to 'move on to bigger and better things'




The FBI and Homeland Security Department nicknamed the Russian cyber attack operation as 'Grizzly Steppe,' and illustrated its techniques in a report issued Thursday




Groups of hackers that the FBI and DHS refer to as 'APT28' and 'APT29,' they said, infiltrated the Democratic National Committee for more than a year, and didn't stop until after the November 8 presidential election

Evidence is strong, the FBI and DHS concluded, tying Russia to the DNC hack, which unmasked an intra-party plot to promote Hillary Clinton's primary candidacy while marginalizing her main opponent, Sen. Bernie Sanders.
The report makes no reference, however, to the more explosive leaks of emails hacked from the personal account of Clinton campaign chairman John Podesta.
The 13-page document's main purpose is to educate government and political IT professionals about how to protect their computer systems from future cyber attacks.
But its most volatile statements concern intelligence findings that establish the involvement of Russian military and civilian intelligence agencies in past hacking.
Those services found ways to 'compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities,' Thursday's report concludes.
 

[h=3]THE LIST: U.S. gov't nicknames for Russian cyber attackers[/h]
A report released by the FBI and Homeland Security Department disclosed a list of 'alternate names' for Russian hacking groups thought to be targeting American political parties, universities, government agencies, corporations, and other institutions in a program nicknamed 'Grizzly Steppe':
APT28
APT29
Agent.btz
BlackEnergy V3
BlackEnergy2 APT
CakeDuke
Carberp
CHOPSTICK
CloudDuke
CORESHELL
CosmicDuke
COZYBEAR
COZYCAR
COZYDUKE
CrouchingYeti
DIONIS


Dragonfly
Energetic Bear
EVILTOSS
Fancy Bear
GeminiDuke
GREY CLOUD
HammerDuke
HAMMERTOSS
Havex
MiniDionis
MiniDuke
OLDBAIT
OnionDuke
Operation Pawn Storm
PinchDuke
Powershell backdoor


Quedagh
Sandworm
SEADADDY
Seaduke
SEDKIT
SEDNIT
Skipper
Sofacy
SOURFACE
SYNful Knock
Tiny Baron
Tsar Team
twain_64.dll
VmUpgradeHelper.exe
Waterbug
X-Agent



 

Mockery: This was how Russia's embassy in London responded to the new sanctions from the Obama administration on Thursday, mocking the outgoing president as a 'lame duck'

The two agencies had already released a statement in October attributing the attacks to Russia, claiming they were an attempt to 'interfere' with America's presidential election.
The new report does not expand on that specific allegation or provide new evidence to support it.
The two main Russian entities identified on Thursday include a hacking group known as APT29, tied to Russia's Federal Security Service – the FSB, one of several successor agencies to the infamous KGB which Russian President Vladimir Putin once led.
That group is thought to have infiltrated the DNC's computers for more than a year, pulling out documents regularly.
 




Spy HQ: The Moscow headquarters of the FSB, known popularly as the Lubyanka, has been used for espionage for generations. It was where Stalin's purges were directed from

The FBI and DHS tied another group of hackers, known as APT28, to Russia's military intelligence service, known as the GRU.
Some security experts have written that APT28 was the entity behind the hack of Podesta's emails, but Thursday's report is silent on that claim.
APT28, The Hill reported Thursday, is thought to be responsible for providing stolen files and emails from both hacking operations to WikiLeaks, which published them online.
The attackers, the two U.S. intelligence agencies reported, executed 'spearphishing' operations that lured computer users to click on links inside emails which led to malicious addresses.
 

Some of those online destinations fed malware into the victims' computers, which then allowed the code to migrate into the DNC's servers, providing the hackers with long-term access.
The result, the FBI and DHS concluded, was 'the exfiltration of information from multiple senior party members.'
'The U.S. Government assesses that information was leaked to the press and publicly disclosed,' the report declares.
And some Russian intelligence operatives, the agencies write, continued to launch cyber attacks as recently as 'just days after' the November 8 election.
 
