Kremlin hackers and the Democratic National Committee: How deep is the rabbit-hole?

Well publicised attacks against the US Democrat National Committee exposed earlier this month are part of a wider pattern of attacks against a much broader range of US political targets, according to new research by Dell SecureWorks.

The same group of cyber-spies is predominantly spying on Russia and neighbouring countries but its activities are so extensive that it’s also having a very significant effect across the Atlantic, on the other side of the world from its main centre of operations, say the researchers.

The hackers are in part targeting the Google accounts of individuals and groups associated with US politics in a bid to gather intelligence, likely on behalf of the Russian government. The so-called TG-4127 crew makes extensive use of spear phishing in its attempts to ensnare targets, according to Dell SecureWorks.

The hackers used the Bitly URL-shortening service to hide the location of a spoofed Google login page. This mendacious activity used the same technique as a 2015 spear-phishing campaign that targeted more than 1,800 Google accounts, largely belonging to individuals in Russia and the former Soviet states. Some US targets and European targets were included in last year’s attack.

As well as targeting email accounts linked to Hilary Clinton’s 2016 presidential campaign and the US Democrat National Committee in June 2016, the group is also targeting journalists and activitists.

The researchers split their targets into two categories – in the first, comprising 36 per cent, were authors, journalists, NGOs and political activists whilst the remaining 64 per cent were government and military personnel, government supply chain and aerospace researchers.

Components of TG-4127 operations have been reported by other security researchers under the names APT28, Sofacy, Sednit, Fancy Bear and Pawn Storm.

“TG-4127 primarily poses a threat to organisations and individuals operating in Russia and former Soviet states,” Dell SecureWorks concludes. “However, a significant component of its activity targets entities in Western Europe and the US.”

Western targets of the group include Russian subject matter experts. defence or government organisations, organisations and individuals involved in the government supply chain, former military or government personnel and individuals associated with US politics, said the researchers. ®