WASHINGTON -- U.S. intelligence services don't often release the details of their analysis, but Thursday they did as part of an ongoing effort to pull back the curtain on what U.S. officials believe is malicious Russian cyber activity code-named Grizzly Steppe.
Investigators believe the initial intrusion targeting Democratic Party officials began in the summer of 2015.
The first hacking unit, dubbed APT29, sent out a barrage of spearphishing emails containing a "malicious link to over 1,000 recipients, including multiple U.S. government victims." Once a recipient clicked the link, malware was delivered to that person's machine and the hackers had a foothold on the network.
According to the document, the hackers “successfully compromised” the “U.S. political party” and stole “email from several accounts.”
About a year later, in the spring of 2016, another hacking unit called APT28 also targeted Democratic Party officials, and once again deployed malicious emails that "tricked recipients into changing their passwords." The "password change" page was a fake webmail login page hosted on attacker-controlled infrastructure, so the passwords typed into it went straight to the attackers. According to U.S. intelligence officials, the stolen credentials likely gave Russian operatives access to the accounts of multiple senior Democratic Party officials, and information from those accounts was then "leaked to the press and publicly disclosed."
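Both campaigns described above hinge on a recipient following a link to attacker-controlled infrastructure, and the second one specifically on a fake webmail domain that imitates a real one. The script below is an added example, not code from the report or from the article, of the kind of mail-gateway check that flags such links before a user sees them: it pulls URLs out of a message body and classifies each hostname as a trusted webmail host, an impersonation (a trusted brand embedded in some other registered domain), or a lookalike (a registered domain within a small edit distance of a trusted one). The trusted host list, the two-label "registered domain" heuristic and the sample message are assumptions made for the example; a production filter would use a public-suffix list and its own allow-list.

```python
import re
from urllib.parse import urlparse

# Assumption: the webmail hosts this organisation treats as legitimate.
TRUSTED_WEBMAIL = ("accounts.google.com", "mail.google.com", "login.microsoftonline.com")

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive registered domain: last two labels. Assumption for the example;
    real code should consult the public-suffix list (e.g. co.uk)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


# Brands to defend: the registered domains of the trusted hosts (e.g. google.com).
BRANDS = sorted({registered_domain(h) for h in TRUSTED_WEBMAIL})


def classify_url(url):
    """Return 'trusted', 'impersonation', 'lookalike' or 'unknown' for one URL."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Exact trusted host or a subdomain of it.
    for trusted in TRUSTED_WEBMAIL:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    reg = registered_domain(host)
    # Brand string appears in the hostname but the registered domain is someone else's,
    # e.g. mail.google.com.login-verify.net or accounts-google.com.
    for brand in BRANDS:
        if brand in host and reg != brand:
            return "impersonation"
    # Registered domain is a near-miss of a brand, e.g. micros0ftonline.com.
    for brand in BRANDS:
        if reg != brand and levenshtein(reg, brand) <= 2:
            return "lookalike"
    return "unknown"


def scan_email(body):
    """Return (url, verdict) for every link in the body that is not trusted."""
    findings = []
    for url in URL_RE.findall(body):
        verdict = classify_url(url)
        if verdict != "trusted":
            findings.append((url, verdict))
    return findings


# Constructed sample message: one genuine link and one credential-harvesting link.
SAMPLE_EMAIL = (
    "Subject: Security alert: password change required\n\n"
    "Your account was accessed from an unknown device.\n"
    "Review your settings at https://accounts.google.com/security\n"
    "or change your password now: https://accounts.google.com.login-verify.net/reset?u=victim\n"
)

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:14s} {url}")
```

Run on the constructed message, the genuine link is dropped and the reset link is reported as an impersonation. The ordering of the checks matters: the trusted test runs first so that legitimate subdomains are never flagged, and the impersonation test runs before the edit-distance test because a brand embedded in a long hostname is far from any brand by edit distance and would otherwise fall through to "unknown".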
Russia has denied the allegations, but a U.S. official said, “I would never expect Russia to come out with their hands up and acknowledge what they did.”
While the public largely became aware of the cyberattacks during the Democratic National Convention, U.S. officials believe that for about a decade Russian intelligence services have been conducting cyber espionage against a wide range of targets in the country.
Investigators allege that Russian-backed cyberattacks have stolen information from and disrupted U.S. government organizations, critical infrastructure, think tanks, universities, political organizations and corporations.
U.S. investigators are going public with this analysis in part because they suspect that Russian hacking units have likely compromised targets that have not yet been identified. Officials say they have no reason to believe the cyberattacks will stop.