Russian Hackers: Same IP address used for cyber attacks in US, Ukraine, Germany - ThreatConnect

14:27 Sep. 3, 2016


Researchers link states' election hacks and suspected Russian digital strikes in Europe

ThreatConnect, a top cybersecurity firm founded by former U.S. military intelligence analysts, investigated the two election database hacks that recently occurred in Arizona and Illinois.

The 5.149.249[.]172 IP address - one of those identified in an FBI flash alert about the hacker attacks in the US states - was used to carry out cyber attacks against members of the Ukrainian Parliament, Turkey's ruling AKP party and Germany's Freedom Party earlier this year, the researchers say in their report "Can a BEAR Fit Down a Rabbit Hole?".

The campaign "fits a known Russian targeting focus and modus operandi," ThreatConnect said. 


"The combination of the attacks relying on widely available open source tools and the superficial involvement of Russian infrastructure left us thinking Russian attribution was plausible but not certain as we were unable to determine if the attacks were criminally motivated or state sponsored with any confidence. We also were unable to identify any additional ties to malicious activity directed against any other state boards of election.


However, as we looked into the 5.149.249[.]172 IP address within the FBI Flash Bulletin, we uncovered a spearphishing campaign targeting Turkey's ruling Justice and Development (AK) Party, Ukrainian Parliament, and German Freedom Party figures from March – August 2016 that fits a known Russian targeting focus and modus operandi," the researchers say.

"We've cracked the egg open," said Rich Barger, the chief intelligence officer of ThreatConnect and a former U.S. military intelligence analyst, according to Yahoo News. "My gut tells me that with enough evidence, this eventually could point us to Russian state involvement."

Yahoo News also reports that the release of the ThreatConnect report comes as Russian President Vladimir Putin, in his first public comments on the issue, denied that his government had any role in the recent cyberattack on the Democratic National Committee. Putin said the focus of public attention should be on the content of emails released by WikiLeaks, not on the hackers.


"Does it even matter who hacked this data from Mrs. Clinton's campaign office?" Putin said. "The important thing is the content that was given to the public. There's no need to distract the public's attention from the essence of the problem by raising some minor issues connected with the search for who did it," he added. "But I want to tell you again, I don't know anything about it, and on a state level Russia has never done this," he said in a Reuters interview.

As was previously reported, Clinton's campaign headquarters were hacked. The hacker was sentenced to four years in prison. 
