mouthporn.net
#fancy bear – @dragoni on Tumblr
DragonI

@dragoni

"Truth is not what you want it to be; it is what it is, and you must bend to its power or live a lie", Miyamoto Musashi
“They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords”, Craig Williams

Current U.S. officials and other experts have linked VPNFilter to a hacking group known as APT28, also called “Fancy Bear.” This entity is widely associated with Russia’s Main Intelligence Directorate (GRU) and has been blamed for breaching the Democratic National Committee in 2016.
Court documents suggested last week that Russia had been involved in VPNFilter.
Simply put, VPNFilter is dangerous because it offers the attacker the ability to both destroy data, rendering the device unusable, and covertly spy on specific targets. With Wednesday’s findings, perhaps the most unsettling new capability discovered by Talos is that VPNFilter can also execute a man-in-the-middle attack on incoming Web traffic that passes through infected routers, giving APT28 an avenue to inject malware into legitimate web applications.
“Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars Technica reporter Dan Goodin. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
“They’re looking for very specific things,” Williams said. “They’re not trying to gather as much traffic as they can. They’re after certain very small things like credentials and passwords. We don’t have a lot of intel on that other than it seems incredibly targeted and incredibly sophisticated. We’re still trying to figure out who they were using that on.”
To bypass TLS encryption that’s designed to prevent such attacks, ssler actively tries to downgrade HTTPS connections to plaintext HTTP traffic. It then changes request headers to signal that the end point isn’t capable of using encrypted connections.
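The downgrade the quoted article describes is what HTTP Strict Transport Security (HSTS) exists to blunt: once a browser has seen a valid HSTS header over TLS, it refuses to send plain http:// requests to that host, so an in-path device that rewrites request headers never gets a plaintext session to tamper with. The Python below is an added example of that client-side policy, not code from the Talos report or from the article; the hostnames, header values and clock are constructed for the demonstration.

```python
# Added example: a minimal model of an HSTS-aware client. Not code from the
# quoted article or the Talos report; hostnames, headers and the clock are
# constructed for the demonstration.
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value: Optional[str]) -> Optional[Dict[str, object]]:
    """Parse a Strict-Transport-Security header value into its directives.

    Returns None when the header is absent or has no usable max-age; a client
    must treat that as "no policy" rather than guess.
    """
    if not value:
        return None
    directives: Dict[str, object] = {}
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue
        if "=" in part:
            name, val = part.split("=", 1)
            directives[name.strip().lower()] = val.strip().strip('"')
        else:
            directives[part.lower()] = True
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not max_age.isdigit():
        return None
    directives["max-age"] = int(max_age)
    return directives


class HstsCache:
    """Remembers which hosts have asked to be reached only over HTTPS."""

    def __init__(self, now) -> None:
        self._now = now  # injectable clock returning seconds
        # host -> (expiry time, includeSubDomains flag)
        self._entries: Dict[str, Tuple[float, bool]] = {}

    def learn(self, host: str, response_headers: Dict[str, str], over_tls: bool) -> bool:
        """Record the policy carried by a response.

        Only a response received over TLS may set HSTS: an attacker already on a
        plaintext path could otherwise poison the cache. Returns True when a
        policy was stored.
        """
        if not over_tls:
            return False
        policy = parse_hsts(response_headers.get("Strict-Transport-Security"))
        if policy is None:
            return False
        host = host.lower()
        if policy["max-age"] == 0:
            self._entries.pop(host, None)  # max-age=0 withdraws the policy
            return False
        self._entries[host] = (self._now() + policy["max-age"], "includesubdomains" in policy)
        return True

    def is_https_only(self, host: str) -> bool:
        """True if host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        now = self._now()
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires, include_sub = entry
            if expires <= now:
                continue  # expired entries are ignored, as a browser would
            if i == 0 or include_sub:
                return True
        return False

    def enforce(self, url: str) -> str:
        """Upgrade a plain http:// URL to https:// when a policy applies.

        This is the step that defeats an in-path downgrade: the plaintext request
        a middlebox would rewrite is never sent in the first place.
        """
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme == "http" and self.is_https_only(host):
            return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    cache = HstsCache(now=lambda: 1000.0)
    cache.learn("bank.example",
                {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
                over_tls=True)
    print(cache.enforce("http://bank.example/account"))
    print(cache.enforce("http://unprotected.example/"))
```

The model deliberately ignores a policy seen over plain HTTP and forgets one whose max-age has lapsed, which is why a short max-age or a site that only sends HSTS on some responses leaves a window for exactly the downgrade described above; preloading the domain in browsers closes the first-visit gap that a cache alone cannot.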
Fancy Bear, have you tried Trump Hotels? 😏

According to networking security website FireEye, that concern is justified. The security team discovered a malicious document in several emails sent to "multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country in early July."
The document contained a macro that installs GAMEFISH malware, which is associated with a politically-motivated Russian hacking group known as APT28 (or Fancy Bear). This is allegedly the same group that hacked the Democratic National Committee ahead of last year's US election. Even worse, the tool used after the initial malware installation, EternalBlue, reportedly leaked from the NSA itself.
According to FireEye, the EternalBlue exploit could let hackers access anyone's computer connected to the hotel WiFi and silently gather usernames and passwords without victims even having to type them in. "It's definitely a new technique" for this Russian hacker group, FireEye's Ben Read told Wired. "It's a much more passive way to collect on people. You can just sit there and intercept stuff from the WiFi traffic."
Russians batting 3 for 3. Dems get pwned. Let the election-fixing games begin.

The computer network used by Democratic presidential nominee Hillary Clinton’s campaign was hacked as part of a broad cyber attack on Democratic political organizations, people familiar with the matter told Reuters.
Hackers, whom U.S. intelligence officials have concluded were Russian, gained access to the entire network of the fundraising Democratic Congressional Campaign Committee, or DCCC, said people familiar with the matter, detailing the extent of the breach to Reuters for the first time.
Cyber security experts and U.S. officials said earlier this week they had concluded, based on analysis of malware and other aspects of the DNC hack, that Russia engineered the release of hacked Democratic Party emails to influence the U.S. presidential election.