The Associated Press is reporting on a trove of data accidentally leaked by the Russian-backed advanced persistent threat (APT) group known as Fancy Bear that suggests the group conducted a years-long campaign against targets in the US, Ukraine, Russia, Georgia and Syria.
The documents, which were discovered by the security firm Secureworks, provide the most detailed look yet into the inner workings of the Fancy Bear group’s efforts to compromise individual targets, and suggest that reports the Russian government was behind the hacking of Hillary Clinton’s presidential campaign are accurate.
From the article:
Secureworks stumbled upon the data after a hacking group known as Fancy Bear accidentally exposed part of its phishing operation to the internet. The list revealed a direct line between the hackers and the leaks that rocked the presidential contest in its final stages, most notably the private emails of Clinton campaign chairman John Podesta.
The issue of who hacked the Democrats is back in the national spotlight following the revelation Monday that a Donald Trump campaign official, George Papadopoulos, was briefed early last year that the Russians had “dirt” on Clinton, including “thousands of emails.” Kremlin spokesman Dmitry Peskov called the notion that Russia interfered “unfounded.” But the list examined by AP provides powerful evidence that the Kremlin did just that.
“This is the Kremlin and the general staff,” said Andras Racz, a specialist in Russian security policy at Pazmany Peter Catholic University in Hungary, as he examined the data. “I have no doubts.”
In the United States, the group targeted “at least 573 inboxes,” many belonging to individuals in the top ranks of the U.S.’s diplomatic and security services, including then-Secretary of State John Kerry, former Secretary of State Colin Powell, then-NATO Supreme Commander U.S. Air Force Gen. Philip Breedlove, and one of his predecessors, U.S. Army Gen. Wesley Clark, a review of the trove concluded.
Senior members of the Democratic Party were targeted, as was a small list of Republicans. AP reports that “more than 130 (Democratic) party workers, campaign staffers and supporters of the party were targeted, including (John) Podesta and other members of Clinton’s inner circle.”
The upper echelons of Ukraine’s government were targeted as well, including that country’s President Petro Poroshenko, his son Alexei and Serhiy Leshchenko, an opposition parliamentarian who helped uncover the off-the-books payments allegedly made to Trump campaign chairman Paul Manafort.
The group’s targets are diverse – but consistent in being critics of Russia and the Putin administration. “It’s a wish list of who you’d want to target to further Russian interests,” Keir Giles, director of the Conflict Studies Research Center in Cambridge, England, told AP, calling the data “a master list of individuals whom Russia would like to spy on, embarrass, discredit or silence.”
In related news, the security firm ThreatConnect revealed the details of a campaign, believed linked to Fancy Bear, that targeted the citizen journalism website Bellingcat, which helped to uncover links between the Russian military and the downing of Malaysian Airlines Flight 17 over Ukraine in July 2014. Among the data turned over to ThreatConnect were phishing pages designed to look like Google password reset pages. Similar bait was used to target Hillary Clinton aide John Podesta in 2016. ThreatConnect noted that the group employed a new tactic: using Google Blogspot URLs in their spear-phishing email messages to help evade security and anti-phishing tools.
Read more here: Russia hackers had targets worldwide, beyond US election