"They're a formidable actor, and they're still capable of getting access to sensitive areas," says Hultquist.
APT28, before its more recent hack-and-leak operations of the last few years, has a long history of espionage operations that have targeted US, NATO, and Eastern European government and military targets. The CISA advisory, along with the DOE and FBI findings that track related APT28 hacking campaigns, all suggest that those spying operations continue today.
"It's certainly not surprising that Russian intelligence would be trying to penetrate the US government
Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia's GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.
The clues pointing to APT28 are based in part on a notification the FBI sent to targets of a hacking campaign in May of this year, which WIRED obtained
That would suggest that APT28 used the same Hungarian server in the intrusion described by CISA, and that at least one of the attempted intrusions described by the FBI was successful.
"Based on the infrastructure overlap, the series of behaviors associated with the event, and the general timing and targeting of the US government, this seems to be something very similar to, if not a part of, the campaign linked to APT28 earlier this year," says Slowik, the former head of
from that FBI notification, Slowik also found a second infrastructure connection
WIRED reached out to CISA, as well as the FBI and DOE, but none responded to our request for comment.
Although it doesn't name APT28, CISA's advisory does detail step-by-step how the hackers carried out their intrusion inside an unidentified federal agency