FireEye has recently confirmed that the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have concurred with its position on the Russian role in the recent presidential elections in the United States.
The June 2016 announcement from the Democratic National Committee (DNC), attributing its network breach to the Russian government, triggered an international debate over Russia’s sponsorship of information operations against the United States of America.
FireEye analysed the malware allegedly found on DNC networks and found that it was consistent with the previously observed tools and activities utilised by a Russia-based threat actor known as APT (Advanced Persistent Threat) 28. On December 29, 2016, the Department of Homeland Security and the Federal Bureau of Investigation released a Joint Analysis Report, confirming FireEye’s long-held public assessment that the Russian government sponsors APT 28.
Since at least 2007, APT 28 has engaged in extensive operations in support of Russian strategic interests. The group has historically collected intelligence on defence and geopolitical issues, FireEye says. The primary targets of APT 28’s espionage activity have been entities in the United States, Europe and the countries of the former Soviet Union, including governments (the German Bundestag), security organisations (NATO), defence attachés, media entities (TV5 Monde), as well as dissidents and figures opposed to the current Russian government. Some of these operations have involved the disruption and defacement of websites, false flag operations and the theft of data that later re-emerged publicly online, the company adds.
FireEye says that since 2014, Russia has increasingly leveraged APT 28 to conduct information operations commensurate with broader strategic military doctrine. In light of the latest report from the Office of the Director of National Intelligence detailing Russia’s role in the US election, the most consequential question we need to ask now is: how does—and how will—the Russian government employ successful information operations, including hacks and leaks, to undermine the institutions, policies, and actors that it perceives run counter to its pursuits? Operations aimed at the U.S. elections are just the latest example of a little-understood capability we have already seen used against NATO, the German government, think tanks, media organisations and key individuals, FireEye experts conclude.