They had access to nearly everything, including opposition research on Donald Trump.
Russian government hackers gained access to the computer network of the Democratic National Committee, stealing login credentials and monitoring email and chats, DNC officials and security experts told the Washington Post.
Two separate hacking cells with known ties to the Russian government compromised the DNC’s systems, according to Crowdstrike, the security firm that investigated the attack. One cell, known in the security community as Cozy Bear, has had access to the DNC since last summer; the other, Fancy Bear, breached the network in April.
Cozy Bear created a Powershell exploit to gain access, a technique that has also shown up in recent ransomware attacks. In theory, it could have provided access to virtually all parts of the DNC’s network. The hacker’s connections were encrypted, with different encryption keys on every affected system to help avoid detection.
Fancy Bear, meanwhile, deployed malware called X-Agent, which allows remote command execution, file transmission, and keylogging.
Neither hacking group stole financial, donor, or personal information, indicating their presence was simply for espionage purposes, according to the Post, though they did have access to the entire database of opposition research on GOP presidential candidate Donald Trump. All of the exploits were fixed over the weekend.
Crowdstrike co-founder Dmitri Alperovitch said his firm frequently encounters Cozy Bear and Fancy Bear targeting their clients, and considers them to be some of the best computer hackers he has seen.
“Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter,” he wrote in a blog post.
Cozy Bear has successfully infiltrated networks of the White House, State Department, and US Joint Chiefs of Staff, as well as numerous private sector organizations, Alperovitch wrote. Fancy Bear, meanwhile, has targeted defense organizations around the world, suggesting they are aligned with GRU, Russia’s military intelligence service.