FBI, DHS Report Implicates Cozy Bear, Fancy Bear In Election-Related Hacks

US government dubs the operation “GRIZZLY STEPPE” in new Joint Analysis Report, and says the malicious groups’ activity continues.

In a Joint Analysis Report (JAR) released today, the Federal Bureau of Investigation and the US Department of Homeland Security officially attributed election-related attacks to two Russian state-sponsored hacking groups: APT28 (also known as Fancy Bear) and APT29 (also known as Cozy Bear). The JAR was released alongside the Obama administration’s announcement of a series of sanctions against Russian officials and other organizations related to the hacking.
The FBI and DHS have dubbed these efforts by Russian civilian and military intelligence services (RIS) to “compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities” with the codename “GRIZZLY STEPPE.”
The JAR – which contains indicators of compromise and extensive mitigation advice for security professionals – also warns that these actors’ malicious behavior is ongoing.
From the JAR:
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
Read the full details, with technical indicators and detailed mitigation strategies, in the JAR released via US-CERT.
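The APT28 intrusion quoted above succeeded because recipients followed a password-reset link to a fake webmail domain on attacker infrastructure, and the JAR is described as shipping indicators of compromise for exactly this kind of infrastructure. The script below is an added defender-side example, not code from the JAR, US-CERT or this article: it walks constructed proxy-log lines, matches each destination host against a placeholder indicator list (standing in for the real JAR indicators, which are not reproduced here), and flags hosts that imitate the organisation’s real webmail name, either by embedding it as a prefix of a foreign domain or by a one- or two-character edit. `ORG_WEBMAIL`, `IOC_DOMAINS` and `LOG_LINES` are all assumptions chosen for the example.

```python
"""Triage proxy logs for credential-phishing webmail lookalikes (added example).

Everything below is constructed for illustration:
  ORG_WEBMAIL  - hypothetical real webmail host of the organisation
  IOC_DOMAINS  - placeholder indicator list (a real report supplies the actual one)
  LOG_LINES    - constructed proxy records: <timestamp> <user> <url>
"""
import re
from urllib.parse import urlsplit

ORG_WEBMAIL = "mail.example-party.org"                         # assumption
IOC_DOMAINS = {"bad-webmail.example", "login-portal.example"}  # placeholders

LOG_LINES = [  # constructed sample data
    "2016-04-01T09:12:03Z alice https://mail.example-party.org/owa/",
    "2016-04-01T09:14:55Z bob https://mail.example-party.org.login-portal.example/owa/auth",
    "2016-04-01T09:15:10Z carol http://mail.examp1e-party.org/reset-password",
    "2016-04-01T09:16:42Z dave https://bad-webmail.example/reset",
    "2016-04-01T09:20:00Z erin https://www.wikipedia.org/",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<url>\S+)$")


def levenshtein(a, b):
    """Classic edit distance; small values between two hosts mean a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_parent(host):
    """Naive 'last two labels' approximation; use a public-suffix list in production."""
    return ".".join(host.split(".")[-2:])


def classify_host(host, org_webmail=ORG_WEBMAIL, iocs=IOC_DOMAINS):
    """Return one of: legitimate, ioc-match, lookalike-embedded, lookalike-typo, benign."""
    host = host.lower().rstrip(".")
    org_reg = registrable_parent(org_webmail)
    # Anything under the organisation's own registrable domain is in-house.
    if host == org_webmail or registrable_parent(host) == org_reg:
        return "legitimate"
    # Exact indicator match on the host or on any parent label.
    labels = host.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in iocs:
            return "ioc-match"
    # Real webmail name embedded as a leading label of a foreign domain.
    if org_webmail in host:
        return "lookalike-embedded"
    # Small edit distance on either the full host or its registrable part.
    if (levenshtein(host, org_webmail) <= 2
            or levenshtein(registrable_parent(host), org_reg) <= 2):
        return "lookalike-typo"
    return "benign"


def triage(lines):
    """Parse log lines and return (user, host, verdict) for every suspicious host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed records rather than crashing the sweep
        host = urlsplit(m["url"]).hostname or ""
        verdict = classify_host(host)
        if verdict not in ("legitimate", "benign"):
            hits.append((m["user"], host, verdict))
    return hits


if __name__ == "__main__":
    for user, host, verdict in triage(LOG_LINES):
        print(f"{verdict:<20} {user:<8} {host}")
```

The users it returns are the ones whose mailbox credentials should be treated as possibly harvested and rotated; the `lookalike-*` verdicts are the part a plain indicator list never covers, because a fresh phishing domain registered after the report was published will not be on it.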