Joint FBI-Homeland Security Report on Russian Hacking Offers Cybersecurity Recommendations

Describing an "ongoing campaign of cyber-enabled operations" by Russian civilian and military intelligence services (RIS), a Joint Analysis Report (JAR) by the FBI and the Department of Homeland Security provides technical details of recent attacks and steps to mitigate the risks of future ones. The JAR warns that the campaign is targeting a variety of U.S. organizations, including critical infrastructure entities, educational institutions, and corporations, resulting in the theft of information. The JAR and related information are available here.

The two attacks featured in the JAR used targeted "spear phishing" emails to gain access to nonpublic information held by political organizations. The first activated malware through an attachment to an email. The second tricked recipients of an email into changing their passwords by clicking on a link that led to a fake webmail domain. The JAR includes technical details related to the attacks that can be used to detect suspicious activity, such as indicators of compromise and YARA signatures to help identify associated malware. It also offers recommended steps to prevent, detect, and mitigate the impact of future cyber-attacks.

Directors of Information Technology, Network Administrators, and Information Security Officers are advised to review the report and its appendices to help address network vulnerabilities and protect their organizations from threats to their systems and data.

Contact: Karen Lipson, klipson@leadingageny.org, 518-867-8383 ext. 124