Russian Cyber Attack - Grizzly Steppe Report & The Rules of Cyber Warfare
eBook - ePub

Russian Cyber Attack - Grizzly Steppe Report & The Rules of Cyber Warfare

Hacking Techniques Used to Interfere the U.S. Election and to Exploit Government & Private Sectors, Recommended Mitigation Strategies and International Cyber-Conflict Law

U.S. Department of Defense, Department of Homeland Security, Federal Bureau of Investigation, Strategic Studies Institute, United States Army War College

  1. 77 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android


About this book

Cyber attacks are a real threat to our country. This report presents the opposing views of the USA and Russia on cyber security and gives insight into the activities of the Russian civilian and military intelligence Services (RIS) conducted during the 2016 U.S. presidential election campaign. The Grizzly Steppe Report provides details regarding the tools and hacking techniques used by the Russian hackers in order to interfere with the 2016 U.S. elections. This activity by RIS is just part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This report provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government. The edition also provides crucial information on the legality of hostile cyber activity at state level. While the United States and its allies are in general agreement on the legal status of conflict in cyberspace, China, Russia, and a number of like-minded nations have an entirely different concept of the applicability of international law to cyberspace.


Information

Year
2017
ISBN
9788026875536
Federal Bureau of Investigation, U.S. Department of Homeland Security

Russian Cyber Attack - Grizzly Steppe Report & The Rules of Cyber Warfare

Madison & Adams Press, 2017. No claim to original U.S. Government Works
Contact [email protected]
ISBN 978-80-268-7553-6
This is a publication of Madison & Adams Press. Our production consists of thoroughly prepared educational & informative editions: Advice & How-To Books, Encyclopedias, Law Anthologies, Declassified Documents, Legal & Criminal Files, Historical Books, Scientific & Medical Publications, Technical Handbooks and Manuals. All our publications are meticulously edited and formatted to the highest digital standard. The main goal of Madison & Adams Press is to make all informative books and records accessible to everyone in a high quality digital and print form.
Table of Contents
Russian Cyber Activity
Cyberspace Warfare

Russian Cyber Activity

Table of Contents
Summary
Description
Technical Details
Injection Flaws
Cross-site scripting (XSS) vulnerabilities
Server vulnerabilities
Recommended Mitigations
Detailed Mitigation Strategies
Contact Information
Feedback

Summary

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.
Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia's senior-most officials could have authorized these activities.
Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government. The USIC and the Department of Homeland Security (DHS) assess that it would be extremely difficult for someone, including a nation-state actor, to alter actual ballot counts or election results by cyber attack or intrusion. This assessment is based on the decentralized nature of our election system in this country and the number of protections state and local election officials have in place. States ensure that voting machines are not connected to the Internet, and there are numerous checks and balances as well as extensive oversight at multiple levels built into our election process.
Nevertheless, DHS continues to urge state and local election officials to be vigilant and seek cybersecurity assistance from DHS. A number of states have already done so. DHS is providing several services to state and local election officials to assist in their cybersecurity. These services include cyber “hygiene” scans of Internet-facing systems, risk and vulnerability assessments, information sharing about cyber incidents, and best practices for securing voter registration databases and addressing potential cyber threats. DHS has convened an Election Infrastructure Cybersecurity Working Group with experts across all levels of government to raise awareness of cybersecurity risks potentially affecting election infrastructure and the elections process. Secretary Johnson and DHS officials are working directly with the National Association of Secretaries of State to offer assistance, share information, and provide additional resources to state and local officials.
This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.

Description

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.

Figure 1: The tactics and techniques used by APT29 and APT28 to conduct cyber intrusions against target systems
Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure or opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated Active Directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.

Figure 2: APT28's Use of Spearphishing and Stolen Credentials
Actors likely associated with RIS are continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election.
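The two APT28 patterns described above, domains that mimic the target organization and shortened URLs in spearphishing mail, lend themselves to a simple triage check on URLs extracted from inbound messages. The following Python is an added example and is not part of the JAR: the organization's domains, the shortener list, the homoglyph table and the sample records are all constructed for illustration, and the registrable-domain logic is a deliberate simplification that ignores the public suffix list.

```python
"""Added example (not from the JAR): triage URLs seen in inbound mail for
lookalike domains and URL shorteners. All lists and records are constructed."""
from urllib.parse import urlparse

# Domains the defended organization legitimately uses (constructed).
OWN_DOMAINS = {"example-party.org", "webmail.example-party.org"}

# Public URL shorteners; an illustrative, constructed list, not an exhaustive one.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

# Typical lookalike substitutions, mapped back to the characters they imitate.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a hostname. Assumption for this example: no
    public-suffix handling, so 'example.co.uk'-style domains are not covered."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def unfold(domain: str) -> str:
    """Undo common homoglyph substitutions before comparing."""
    for fake, real in HOMOGLYPHS.items():
        domain = domain.replace(fake, real)
    return domain


def classify(url: str) -> str:
    """Return 'legit', 'shortener', 'lookalike' or 'unknown' for one URL."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    own_regs = {registrable(d) for d in OWN_DOMAINS}
    reg = registrable(host)
    if reg in own_regs:
        return "legit"
    if reg in SHORTENERS:
        return "shortener"
    # Typosquat: small edit distance once homoglyphs are undone.
    if any(levenshtein(unfold(reg), own) <= 2 for own in own_regs):
        return "lookalike"
    # Brand label reused inside a foreign registrable domain,
    # e.g. example-party.org.<attacker-controlled>.net
    brand_labels = {own.split(".")[0] for own in own_regs}
    if brand_labels & set(host.split(".")):
        return "lookalike"
    return "unknown"


def triage(records):
    """records: iterable of (message_id, url) pairs. Returns {message_id: verdict},
    keeping the most severe verdict seen for each message."""
    severity = {"unknown": 0, "legit": 0, "shortener": 1, "lookalike": 2}
    out = {}
    for msg_id, url in records:
        verdict = classify(url)
        if msg_id not in out or severity[verdict] > severity[out[msg_id]]:
            out[msg_id] = verdict
    return out


# Constructed sample of URLs extracted from inbound mail.
SAMPLE_RECORDS = [
    ("m1", "https://webmail.example-party.org/owa/"),
    ("m2", "http://exarnple-party.org/reset-password"),
    ("m3", "bit.ly/2xyzABC"),
    ("m4", "https://example-party.org.account-verify.net/login"),
    ("m5", "https://www.wikipedia.org/"),
]

if __name__ == "__main__":
    for msg, verdict in triage(SAMPLE_RECORDS).items():
        print(msg, verdict)
```

A "shortener" verdict is not proof of anything on its own; its value is that the shortened link can be expanded and re-classified before the message reaches a mailbox, and that a "lookalike" verdict on a password-reset link is exactly the fake-webmail pattern the report describes.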
Alternate Names
APT28
APT29
Agent.btz
BlackEnergy V3
BlackEnergy2 APT
CakeDuke
Carberp
CHOPSTICK
CloudDuke
CORESHELL
CosmicDuke
COZYBEAR
COZYCAR
COZYDUKE
Crouching Yeti
DIONIS
Dragonfly
Energetic Bear
EVILTOSS
Fancy Bear
GeminiDuke
GREY CLOUD
HammerDuke
HAMMERTOSS
Havex
MiniDionis
MiniDuke
OLDBAIT
OnionDuke
Operation Pawn Storm
PinchDuke
Powershell backdoor
Quedagh
Sandworm
SEADADDY
Seaduke
SEDKIT
SEDNIT
Skipper
Sofacy
SOURFACE
SYNful Knock
Tiny Baron
Tsar Team
twain_64.dll (64-bit X-Agent implant)
VmUpgradeHelper.exe (X-Tunnel implant)
Waterbug
X-Agent

Technical Details

Indicators of Compromise (IOCs)
IOCs associated with RIS cyber actors are provided within the accompanying .csv and .stix files of JAR-16-20296.
Yara Signature
rule PAS_TOOL_PHP_WEB_KIT
{
    meta:
        description = "PAS TOOL PHP WEB KIT FOUND"
    strings:
        $php = "<?php"
        $base64decode = /\:'base'\.\(\d+\*\d+\)\.'_de'\.'code'/
        $strreplace = "(str_replace("
        $md5 = ".substr(md5(strrev("
        $gzinflate = "gzinflate"
        $cookie = "_COOKIE"
        $isset = "isset"
    condition:
        (filesize > 20KB and filesize < 22KB) and
        #cookie == 2 and
        #isse...
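To show what the rule's count-based clauses (such as #cookie == 2) and its filesize window actually test, here is a pure-Python reading of the rule that needs no yara-python. This is an added example and not part of the JAR. It reproduces only the clauses that are legible above (the condition is cut off after "#isse"), and the test fixture it builds is a constructed, inert file that merely contains the strings the rule names.

```python
"""Added example (not from the JAR): evaluate the legible clauses of the
PAS_TOOL_PHP_WEB_KIT rule in pure Python, to show what YARA's '#name'
counts and the 'filesize' window mean. Does not require yara-python."""
import re

KB = 1024  # YARA's KB suffix means 1024 bytes

# Text strings from the rule as printed on the page (YARA matches them as
# raw bytes, case-sensitively by default).
TEXT_STRINGS = {
    "$php": b"<?php",
    "$strreplace": b"(str_replace(",
    "$md5": b".substr(md5(strrev(",
    "$gzinflate": b"gzinflate",
    "$cookie": b"_COOKIE",
    "$isset": b"isset",
}
# The rule's regex: the obfuscated assembly of the name 'base64_decode'.
BASE64DECODE_RE = re.compile(rb"\:'base'\.\(\d+\*\d+\)\.'_de'\.'code'")


def count_strings(data: bytes) -> dict:
    """Per-identifier hit counts, i.e. the values YARA exposes as #php,
    #cookie and so on."""
    counts = {name: data.count(pat) for name, pat in TEXT_STRINGS.items()}
    counts["$base64decode"] = len(BASE64DECODE_RE.findall(data))
    return counts


def visible_condition(data: bytes) -> bool:
    """Evaluate the clauses of the condition that are legible on the page:
    the 20-22 KB size window and '#cookie == 2'. The printed condition is
    cut off after '#isse', so nothing beyond that point is reproduced."""
    size_ok = 20 * KB < len(data) < 22 * KB
    return size_ok and count_strings(data)["$cookie"] == 2


def build_fixture(extra_cookie_refs: int = 0, size: int = 21 * KB) -> bytes:
    """Constructed, inert fixture for testing the rule: it contains each
    string the rule names but is not a working script. It is padded to
    'size' bytes with a comment so the size window can be exercised."""
    body = (
        b"<?php\n"
        b"$k = isset($_COOKIE['k']) ? $_COOKIE['k'] : '';\n"
        b"$fn = $x ? $y :'base'.(32*2).'_de'.'code' : 0;\n"
        b"$s = (str_replace('a', 'b', $k));\n"
        b"$h = $p.substr(md5(strrev($k)), 0, 8);\n"
        b"$z = gzinflate($s);\n"
    )
    body += b"$_COOKIE;\n" * extra_cookie_refs  # push #cookie above 2
    pad_len = size - len(body) - 3               # room for "//" and "\n"
    return body + b"//" + b"A" * pad_len + b"\n"


if __name__ == "__main__":
    samples = {
        "fixture": build_fixture(),
        "three cookie refs": build_fixture(extra_cookie_refs=1),
        "tiny benign file": b"<?php echo 'hello'; ?>\n",
    }
    for label, sample in samples.items():
        print(label, len(sample), count_strings(sample), visible_condition(sample))
```

The exact-count clause is what keeps this signature tight: a file with the same strings but three `_COOKIE` references, or one outside the 20-22 KB window, does not match, which is why a defender who edits such a rule to be "more generous" should expect a jump in false positives on ordinary PHP.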
