'Cozy Bear' & 'Fancy Bear' Attack: Russian Hackers Infiltrate DNC Computers


Two separate groups from Russia penetrated the Democratic National Committee's computer network and spied on all communications

"It's the job of every foreign intelligence service to collect intelligence against their adversaries," commented a former head of the FBI's cyber division. (Photo: Christiaan Colen/flickr/cc)

Two separate groups associated with Russian intelligence agencies hacked into the Democratic National Committee (DNC) computer network, spying on communications and stealing research on Donald Trump, the Washington Post reported on Tuesday.

The Post described the extent of the intrusion:

The intruders so thoroughly compromised the DNC's system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

"It's the job of every foreign intelligence service to collect intelligence against their adversaries," explained Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI's cyber division, in an interview with the Post. "We're perceived as an adversary of Russia. Their job when they wake up every day is to gather intelligence against the policies, practices and strategies of the U.S. government."

Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, agreed. "The upcoming U.S. election, and the associated candidates and parties are of critical interest to both hostile and friendly nation states," he wrote in a blog post. "The 2016 presidential election has the world's attention, and leaders of other states are anxiously watching and planning for possible outcomes."

No donor financial or contact information was breached, the Washington Post reported.

"Attacks against electoral candidates and the parties they represent are likely to continue up until the election in November," Alperovitch added.

DNC leaders first learned that something was awry in April, when chief executive Amy Dacey was told that the organization's IT team had detected unusual activity. Dacey reached out to Henry for assistance.

CrowdStrike quickly identified that the hackers were two groups it had dealt with before. One group that CrowdStrike has named Cozy Bear first infiltrated the DNC's network last summer and was monitoring employees' chat and email communications, while the other, dubbed Fancy Bear, only gained access in April. It was this most recent intrusion that the DNC's IT team detected.

"The hackers stole two files," Henry told the Post. "And they had access to the computers of the entire research staff—an average of about several dozen on any given day."

In his blog post, Alperovitch described the groups' technical sophistication. "We've had lots of experience with both of these actors attempting to target our customers in the past and know them well," Alperovitch wrote. "In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis."

"Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government's powerful and highly capable intelligence services," Alperovitch added.

NPR reported that according to CrowdStrike, "the two Russian hacking groups have also 'previously infiltrated the unclassified networks of the White House, State Department, and U.S. Joint Chiefs of Staff,' as well as private companies in the energy, media, and aerospace sectors."

It didn't appear that the two groups had coordinated the attacks together, Alperovitch told the Post. "Fancy Bear is believed to work for the GRU, or Russia’s military intelligence service, he said. CrowdStrike is less sure of whom Cozy Bear works for but thinks it might be the Federal Security Service or FSB, the country’s powerful security agency, which was once headed by Putin," the newspaper noted.
