Malware From DNC Hack Now Found in Ukraine App, CrowdStrike Says

christiefan915

(Bloomberg) -- The same malicious code that breached the U.S. Democratic National Committee’s computer networks ahead of the presidential election has appeared in Ukraine, providing further evidence linking Russian military intelligence to far-reaching hacking attacks, according to cybersecurity firm CrowdStrike Inc.

In June, CrowdStrike disclosed that a Russian cyber group it dubbed Fancy Bear used malware to gain access to the DNC, which hired the cybersecurity firm to respond to the breach. Since then, CrowdStrike researchers have discovered a version of the same code designed to infiltrate an Android mobile application used by Ukrainian artillery forces to rapidly pinpoint targeting data for the D-30 Howitzer, a Soviet-era weapon, Dmitri Alperovitch, CrowdStrike’s chief technology officer, said in a phone interview.

“They put the same malware they used in DNC,” but this time it was designed for an Android application instead of computer systems using Microsoft Corp.’s Windows software as in the DNC, he said. “This is a pretty significant piece of evidence.”

The source code found in the Ukrainian app is not publicly available nor is it found in underground criminal web forums, and is only associated with Fancy Bear, Alperovitch said...

The finding underscores CrowdStrike’s previous assessment that Fancy Bear is affiliated with the GRU, or Russian military intelligence, and “works closely with Russian military forces operating in Eastern Ukraine and its border regions in Russia,” the report said. Russian officials have repeatedly denied accusations of hacking...

Because people are asking for more evidence that Russia is responsible for the hacks, Alperovitch said he wanted to make public the latest links. The Ukrainian and DNC malware demonstrates CrowdStrike’s “much higher level of confidence” that the cyber-attacks are the work of Russian intelligence.


http://washpost.bloomberg.com/Story?docId=1376-OIKEHI6KLVSY01-2DKAO06QNNKQF0HSVGTIRC34B3
 
It doesn't matter if Russia was involved in the hacks or not. I don't think they were but even if they did it the issue is what was written by the Dems. No one put words in their mouths. Their wounds were self-inflicted.
 
The finding underscores CrowdStrike’s previous assessment that Fancy Bear is affiliated with the GRU, or Russian military intelligence, and “works closely with Russian military forces operating i
I don't follow the logic? Is Fancy Bear a Russian NGO?

PS. who's gonna win the Christmas Day Ravens vs. Steelers game? :)
 
I don't follow the logic? Is Fancy Bear a Russian NGO?

PS. who's gonna win the Christmas Day Ravens vs. Steelers game? :)

I googled Fancy Bear...

Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. Security firms SecureWorks, ThreatConnect, and FireEye's Mandiant have also said the group is sponsored by the Russian government.

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of nation-state actors. The threat group is known to target government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the French television station TV5Monde, the White House, NATO, and the Democratic National Committee.

Fancy Bear's behaviour has been classified as an advanced persistent threat. They employ zero-day vulnerabilities and use spear phishing and malware to compromise targets.

wikipedia
 
It doesn't matter if Russia was involved in the hacks or not. I don't think they were but even if they did it the issue is what was written by the Dems. No one put words in their mouths. Their wounds were self-inflicted.

And that is the point that the pinheads don't want you to dwell on....they are experts at changing the narrative to Russia when the important thing is the CONTENTS of the emails.....I'll take the truth first no matter who the messenger is.....
 
(Bloomberg) -- The same malicious code that breached the U.S. Democratic National Committee’s computer networks ahead of the presidential election has appeared in Ukraine, providing further evidence linking Russian military intelligence to far-reaching hacking attacks, according to cybersecurity firm CrowdStrike Inc.

In June, CrowdStrike disclosed that a Russian cyber group it dubbed Fancy Bear used malware to gain access to the DNC, which hired the cybersecurity firm to respond to the breach. Since then, CrowdStrike researchers have discovered a version of the same code designed to infiltrate an Android mobile application used by Ukrainian artillery forces to rapidly pinpoint targeting data for the D-30 Howitzer, a Soviet-era weapon, Dmitri Alperovitch, CrowdStrike’s chief technology officer, said in a phone interview.

“They put the same malware they used in DNC,” but this time it was designed for an Android application instead of computer systems using Microsoft Corp.’s Windows software as in the DNC, he said. “This is a pretty significant piece of evidence.”

The source code found in the Ukrainian app is not publicly available nor is it found in underground criminal web forums, and is only associated with Fancy Bear, Alperovitch said...

The finding underscores CrowdStrike’s previous assessment that Fancy Bear is affiliated with the GRU, or Russian military intelligence, and “works closely with Russian military forces operating in Eastern Ukraine and its border regions in Russia,” the report said. Russian officials have repeatedly denied accusations of hacking...

Because people are asking for more evidence that Russia is responsible for the hacks, Alperovitch said he wanted to make public the latest links. The Ukrainian and DNC malware demonstrates CrowdStrike’s “much higher level of confidence” that the cyber-attacks are the work of Russian intelligence.


http://washpost.bloomberg.com/Story?docId=1376-OIKEHI6KLVSY01-2DKAO06QNNKQF0HSVGTIRC34B3

On June 14, the Democratic National Committee reported that it was the victim of a data breach, allegedly by attackers from Russia. On June 15, a hacker identified only as "Guccifer" emerged, claiming responsibility for the breach, denying any connection to Russia and refuting security firm CrowdStrike's research on the attack.

For CrowdStrike's part, co-founder Dmitri Alperovitch told eWEEK in a brief email exchange that everything is not as it seems.

When the DNC discovered that it had been the victim of a data breach, it called in CrowdStrike to investigate. CrowdStrike determined that the DNC had been hacked by two different Russia-based groups that it identified as FuzzyBear and CozyBear.

"Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by 'sophisticated' hacker groups," Guccifer wrote in a public disclosure. "I'm very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy."

Guccifer claims to have been the first to hack the DNC, but won't necessarily be the last. In an attempt to validate the DNC hack claims, Guccifer published multiple reports that allegedly were stolen from the DNC servers, including one on Donald Trump dated Dec. 19, 2015, a list of DNC donors and Hillary Clinton emails.

"The main part of the papers, thousands of files and mails, I gave to Wikileaks," Guccifer wrote. "They will publish them soon."

For his part, presumptive Republican presidential candidate Donald Trump has his own unique views on the DNC hack.

"We believe it was the DNC that did the 'hacking' as a way to distract from the many issues facing their deeply flawed candidate and failed party leader," Trump said in a statement.

Despite the claims made by Guccifer, CrowdStrike is standing by its research and attribution. In a statement CrowdStrike sent to eWEEK, the company noted that the Guccifer blog post presents documents alleged to have originated from the DNC.

"Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents' authenticity and origin," CrowdStrike stated. "Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."

Tomer Weingarten, CEO of security firm SentinelOne, said his firm's research team has not been actively investigating any specific group or individual in the case of the DNC hack but, when the code from the hack was released, SentinelOne immediately traced it back to some publicly available techniques that are typically used to evade antivirus software.

"Nothing about the technique seemed all that sophisticated—in fact, we thought it was slightly atypical for a government-grade attack to use publicly known techniques," Weingarten told eWEEK.

In almost every hack, accurate attribution is difficult because there rarely is a smoking gun, according to Weingarten. What's more important than attribution, he said, is the need to understand and investigate the breadth and depth of a hack.

"Attribution is hard—not always accurate, but in some cases doable," Weingarten said. "And who knows—maybe there were multiple hackers inside the DNC network."

http://www.eweek.com/security/hacker-guccifer-claims-responsibility-for-dnc-breach.html
 
And that is the point that the pinheads don't want you to dwell on....they are experts at changing the narrative to Russia when the important thing is the CONTENTS of the emails.....I'll take the truth first no matter who the messenger is.....

We all know spying and hacking goes on among governments but it takes a lot of chutzpah to think that what happened to the DNC can't happen to you. And it takes some idiocy to think Putin is the conservatives' friend when the bottom line is that he's a cold-blooded former KGB agent and wouldn't hesitate to crap on Trump if it served his interests.
 
We all know spying and hacking goes on among governments but it takes a lot of chutzpah to think that what happened to the DNC can't happen to you. And it takes some idiocy to think Putin is the conservatives' friend when the bottom line is that he's a cold-blooded former KGB agent and wouldn't hesitate to crap on Trump if it served his interests.
Trump is a dupe to anyone who has nice things to say about him, it's so sad, he must have felt really insignificant compared to his siblings, he needs lots of positive reinforcement to function.
 
how fucking crazy is it for the entire right to LIE for Putin while trashing the American intel system
 
And that is the point that the pinheads don't want you to dwell on....they are experts at changing the narrative to Russia when the important thing is the CONTENTS of the emails.....I'll take the truth first no matter who the messenger is.....

Is that an approval of Russia/foreign powers interfering in our elections??
 
I wonder if dems would feel better if illegal immigrants had hacked Podesta's emails to expose the truth about the DNC.

Maybe I'll set up a poll for dems only.

Q: Would you feeeeeel better about yourselves if illegal immigrants had hacked Podesta's emails to expose the racism and cheating by the DNC against their own candidates?

1. Yes
2. No
 
We all know spying and hacking goes on among governments but it takes a lot of chutzpah to think that what happened to the DNC can't happen to you. And it takes some idiocy to think Putin is the conservatives' friend when the bottom line is that he's a cold-blooded former KGB agent and wouldn't hesitate to crap on Trump if it served his interests.

That's all true Cfan.....we agree (and you're trying to change the narrative as usual....)


but then so is my post below

Originally Posted by NOVA
And that is the point that the pinheads don't want you to dwell on....they are experts at changing the narrative to Russia when the important thing is the CONTENTS of the emails.....I'll take the truth first no matter who the messenger is.....
 
It took a while until I was able to figure out what the email hacking fuss was all about. When it was first reported that Russia had interfered in our election, I thought there was evidence that the Russians had hacked into voting machines and manipulated the vote count for Donald Trump. This was a real concern to me, as it should be for any American.

Imagine my surprise that the Democrats' real complaint was that the email accounts of the Democratic National Committee, John Podesta, Donna Brazile and others had been hacked, exposing their shenanigans during the primaries and the general campaign. Questions being given to Hillary Clinton in advance of debates, violence by fake Trump supporters, disrespecting major portions of the population, blatant racism, etc. So who cares who revealed their duplicity? Quoting Clinton: "What difference does it make?" If one criminal rats out another criminal, we can still prosecute the criminal.

I don't think Trump supporters voted for him because Democrats were exposed as scumbags. The revelations merely confirmed their decision. The nefarious dealings of the Clinton machine are more of a threat to our democracy than any hacker, regardless of who it may be. Maybe Democrats should just be more ethical.
http://www.mcall.com/opinion/letters/mc-gruenke-email-hacking-20161220-story.html
 
I googled Fancy Bear...

Fancy Bear (also known as APT28, Pawn Storm, Sofacy Group, Sednit and STRONTIUM) is a cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. Security firms SecureWorks, ThreatConnect, and FireEye's Mandiant have also said the group is sponsored by the Russian government.

Likely operating since the mid-2000s, Fancy Bear's methods are consistent with the capabilities of nation-state actors. The threat group is known to target government, military, and security organizations, especially Transcaucasian and NATO-aligned states. Fancy Bear is thought to be responsible for cyber attacks on the German parliament, the French television station TV5Monde, the White House, NATO, and the Democratic National Committee.

Fancy Bear's behaviour has been classified as an advanced persistent threat. They employ zero-day vulnerabilities and use spear phishing and malware to compromise targets.

wikipedia
CrowdStrike is a commercial company that sells security solutions, it is in their interest to create fear, uncertainty and doubt aka the FUD factor. Can't help thinking that the DNC will be one of their customers in future. Again I must point out that if you are as big an idiot as Podesta then you deserve to be hacked!!
