14:27 Sep. 3, 2016
Researchers link states' election hacks and suspected Russian digital strikes in Europe
ThreatConnect, a top cybersecurity firm founded by former U.S. military intelligence analysts, investigated the two election database hacks that recently occured in Arizona and Illinois.
The 5.149.249[.]172 IP address - one of those identified in an FBI flash alert about the hacker attacks in the US states - was used to carry out cyber attacks against members of the Ukrainian Parliament, Turkey's ruling AKP party and Germany's Freedom Party earlier this year, the researchers say in their report "Can a BEAR Fit Down a Rabbit Hole?".
The campaign "fits a known Russian targeting focus and modus operandi," ThreatConnect said.
"The combination of the attacks relying on widely available open source tools and the superficial involvement of Russian infrastructure left us thinking Russian attribution was plausible but not certain as we were unable to determine if the attacks were criminally motivated or state sponsored with any confidence. We also were unable to identify any additional ties to malicious activity directed against any other state boards of election.
However, as we looked into the 5.149.249[.]172 IP address within the FBI Flash Bulletin, we uncovered a spearphishing campaign targeting Turkey's ruling Justice and Development (AK) Party, Ukrainian Parliament, and German Freedom Party figures from March – August 2016 that fits a known Russian targeting focus and modus operandi", the researchers say.
According to Yahoo News, "We've cracked the egg open," Rich Barger, the chief intelligence officer of ThreatConnect and a former U.S. military intelligence analyst. "My gut tells me that with enough evidence, this eventually could point us to Russian state involvement."
Yahoo News also reports that the release of the ThreatConnect report comes as Russian President Vladimir Putin, in his first public comments on the issue, denied that his government had any role in the recent cyberattack on the Democratic National Committee. Putin said the focus of public attention should be on the content of emails released by WikiLeaks, not on the hackers.
"Does it even matter who hacked this data from Mrs. Clinton's campaign office?," Putin said. "The important thing is the content that was given to the public."There's no need to distract the public's attention from the essence of the problem by raising some minor issues connected with the search for who did it," he added. "But I want to tell you again, I don't know anything about it, and on a state level Russia has never done this." he said in a Reuters interview.
As was previously reported, Clinton's campaign headquarters were hacked. The hacker was sentenced to four years in prison.