[Heads-up] Russian Hackers Widen Their Cyber Attacks Again With Spear Phishing Political Targets



The GRU, the Russian military intelligence spy agency which was responsible for the 2016 election cyber attacks, is at it again and is now targeting the U.S. Senate and conservative groups. The WSJ reported Aug 21, 2018 that they are widening their targets for the coming midterm elections.

Microsoft last week took down six internet domains spoofing legitimate websites, which marks the early stages of spear-phishing attacks intended to compromise political operatives working for or around the targeted organizations.

In the recent past, these black hat hackers, commonly referred to as Fancy Bear, have used phishing emails to direct their targets to fake websites designed to resemble legitimate ones, where they steal login credentials. Robert Mueller recently indicted 12 GRU officers for hacking into computers of the Clinton campaign and the Democratic National Committee.

“We are not surprised by this,” said David Tell, a spokesman for the Hudson Institute, in response to the new Microsoft findings. “There can’t be an even peripherally involved office in politics in Washington that does not routinely get emails ending in .ru with weird attachments in them.”

Mr. Tell said that the institute’s work on promoting American global leadership and tracking kleptocratic regimes would make it an especially appealing target for Moscow.

"Know Your Enemy" - Vladimir Putin, The FSB, the SVR, And The GRU

Russia under Vladimir Putin is both revanchist and paranoid, which is a dangerous combination. After the Soviet collapse, Russia is economically and demographically weak, and Putin uses his powerful intelligence services and cyber warriors as a force multiplier for asymmetrical warfare.

When Putin sows political chaos in Western Europe and seeks to disrupt and discredit American elections, he is reaching deep into the KGB’s old playbook. He is engaging in “active measures.” Like the tsars and Party chairmen who came before him, Vladimir Putin readily uses anything that gives some kind of advantage—including murder—as a tool of statecraft.

What Are These Three Evil Agencies Exactly?

First of all, let's have a quick look at these three evil agencies and how they came to be.

In the post-Soviet era, the KGB was disbanded, renamed, and reorganized. Eventually, the basic elements of the old KGB were split into two new services: the FSB and the SVR. The FSB handled domestic security and counterintelligence, similar to the FBI, and took over the KGB’s old central headquarters in Moscow.

The SVR became Russia’s new foreign intelligence service and is mostly comparable to the CIA. It was essentially the old First Chief Directorate of the KGB with a new name. The United States remained the SVR’s primary obsession, though officially now the SVR refers to America as the “main target” instead of the “main enemy.” NATO and Great Britain are also primary targets for collection.

The GRU Is The Russian Spy Agency In The Middle Of Everything

Only a few years ago, the GRU looked like it might be dissolved. But Putin found new uses for it: covert war in Ukraine and ‘active measures’. The GRU was founded in 1918 and has a 70,000-square-meter Moscow headquarters built in 2006.

The GRU allegedly was behind the recent poisonings of four people in Britain, including former GRU officer Sergei Skripal, who survived, and a woman accidentally exposed to the powerful nerve agent used, who died.

And recently there were reports that GRU hackers are directing their efforts at the U.S. power grid. Russian mercenaries serving in Ukraine, Syria and in Africa are largely drawn from GRU ranks. Three Russian journalists investigating their activities were murdered last month.

Igor Korobov, the head of the GRU, was singled out personally for U.S. Treasury sanctions in March, along with his organization, even though he had already been sanctioned by the Obama administration in late 2016 for interference in our elections. At home in Russia meanwhile, Korobov is riding high. In 2017, Korobov was promoted to colonel-general, and Putin bestowed on him the highest state honor: Hero of the Russian Federation.

Moscow does have its own intramural spy-vs.-spy rivalries. The GRU had its own channel of information on corruption and money-laundering by the Russian elite that represented a threat to the interests of the FSB and SVR.

According to the GRU analysis, there was a shadow intelligence network, consisting of a clan close to Putin from the FSB, the SVR, and the regular police that was running the country.

And this group did not like having a competitor agency capable of independent comparative analysis. Significantly, the chiefs of both the FSB and the SVR sit on Putin’s National Security Council, but not the GRU head, who reports only to the armed forces general staff.

Miraculously, however, the GRU bounced back after Igor Sergun became chief of the agency in 2011. According to security expert Mark Galeotti, writing in War on the Rocks, Sergun was “an able, articulate, and effective champion of his agency’s interests… He was particularly good at managing relations with Putin and those to whom the president listens.”

Back in 2006, at the opening of the new GRU headquarters, a journalist asked a GRU general whether U.S. elections were a topic that was followed by their intelligence analysts. The general responded, “That is primarily a task for the SVR. We follow [the elections] but to a much lesser extent than the SVR.”
So how to explain that 12 years later the GRU is in the forefront of election meddling in the U.S.?

According to Vadim Birstein, an authority on the Russian security services, “In the past, the ‘active measures’ deployed for decades by the KGB/SVR against the West referred mainly to HUMINT (human intelligence) and disinformation campaigns in the media, rather than cyber warfare operations which are a new level in intelligence wars.”

Although the SVR has cyber weapons—and in fact was reported to be behind the initial 2015 attack on the DNC under the guise of “Cozy Bear”—the GRU, Birstein says, “has more technical resources to conduct operations like those described in the Mueller indictment.”

“With Putin everything is personal.” — Marina Litvinenko, widow of murdered Alexander Litvinenko

Although it is the job of the FSB, as a counterintelligence agency, to find spies and potential traitors within the military, there is some speculation that FSB officers passed information about the GRU’s hacking operations to American intelligence.

Amy Knight at the Daily Beast commented, and I fully agree: "But maybe we in the West should stop trying to figure out which Russian security service has been doing what to us. After all, the buck stops in the Kremlin. Putin is a hands-on leader—a KGB veteran himself—who calls the shots on just about everything from assassinations of alleged traitors to revenge against Western politicians he resents, like Hillary Clinton. As the widow of Alexander Litvinenko told me once, 'with Putin everything is personal.'"

More background about the GRU is here at the Daily Beast site. Great for a lunch break.

Topics: Phishing, Russia
