More than a dozen staffers were targeted by Unit 26165, including a senior aide. Mueller’s report said “within approximately five hours” of those remarks, GRU officers began targeting for the first time Clinton’s personal office. “I hope you’re able to find the 30,000 emails that are missing,” said then-candidate Trump at a press conference, referring to emails Clinton stored on a personal email server while she headed the State Department. Mueller’s report also found a cause-and-effect between Trump’s remarks in July 2016 and subsequent cyberattacks. Later, tens of thousands of hacked files were funneled to and distributed by WikiLeaks. government, the two GRU-backed personas were shut down by the social media companies. DCLeaks was a website that hosted the hacked material, while Guccifer 2.0 was a hacker-like figure who had a social presence and would engage with reporters. Meanwhile, another GRU hacking unit, Unit 74455, which helped disseminate and publish hacked and stolen documents, pushed the stolen data out through two fictitious personas. In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were obtained from the DNC’s network.
Those servers, Mueller said, were hosted in Arizona - likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations.
The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller formally blamed Unit 26165, a division of the GRU specializing in targeting government and political organizations, for taking on the “primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign,” said the Mueller report. The operatives, known collectively as “Fancy Bear,” comprised several units tasked with specific operations. By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuing weeks, and more than 30 computers on the DNC. Using credentials they stole along the way, the hackers broke into the networks of the Democratic Congressional Campaign Committee days later. The GRU hackers also gained access to the email account of John Podesta, Clinton’s campaign chairman, of which its contents were later published. The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems. But new details in the 488-page redacted report released by the Justice Department on Thursday offered new insight into how the GRU operatives hacked.
0 kommentar(er)
