Russian hacking

Russian government hackers used same malware in hacking of DNC, Ukrainian military

Published 22 December 2016

The Russian government hackers who hacked the computer systems of the Democratic National Committee (DNC) and the Clinton campaign in order to help Donald Trump win the 2016 presidential election have also been hacking Ukrainian artillery units in eastern Ukraine. The hacking is aimed at helping the Russian military target these units in order to help pro-Russian rebels who have been fighting the Ukrainian military in eastern Ukraine. Cyber experts have discovered that in both cases, the Russian government hackers used a piece of malware known as X-Agent.

The Telegraph reports that the use by the Russian government hackers of an infected Ukrainian Android smartphone app has reinforced the conclusions of the U.S. intelligence community that hackers working for two Russian intelligence services – the FSB and the GRU – were behind the hacking into the DNC in the run-up to the November election.

The connection between the Russian government hacking of the U.S. election campaign and the Ukrainian military was made in a report released today (Thursday) by cybersecurity firm CrowdStrike.

In 2013 a Ukrainian officer developed an Android application which was used to carry out quick artillery strikes against Russian-backed rebels in eastern Ukraine. The CrowdStrike report describes how this Android smartphone application has become the means by which Russian intelligence pinpointed the location of Ukraine’s artillery units.

Adam Meyers, Vice President of Intelligence at CrowdStrike, notes that the app was distributed over social media but was ultimately hacked and redistributed on a Ukrainian military forum by the Russian military intelligence agency (GRU). One of the GRU’s cyber-operations units is known by the moniker “Fancy Bear.”

Ukrainian military units using the compromised app inadvertently gave away valuable strategic information, including troop location, access to contacts, text messages, call logs, and internet data, to the Russian military.

The U.S. intelligence community and the FBI have gathered incontrovertible evidence – from both technical and human sources – that shows Fancy Bear hackers to have been behind the hacking into the e-mail system of the DNC. The GRU then coordinated the release of these e-mails – some authentic, some doctored – with Wikileaks. The coordinated GRU-Wikileaks effort was timed to undermine and weaken Hillary Clinton and her campaign, and help Republican candidate Donald Trump win the election.

Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, notes that the malware used to help the Russian-backed rebels in eastern Ukraine in their bloody clashes with the Ukrainian military is the same malware used to hack the DNC and the Clinton campaign. He said the malicious software was known as X-Agent.

Alperovitch said the hacking of the Ukrainian military offers evidence of an even stronger connection between Fancy Bear operators and the Russian military.

“For them to use this on the battlefield they need a closely integrated connection,” Alperovitch said. “It’s exactly the mission of the GRU… We think this is very convincing evidence that links [Fancy Bear and the GRU] together.”

Trump has described as “ridiculous” the compelling evidence used by the U.S. intelligence community to reach its conclusion that Russia was behind the hacking of the 2016 presidential campaign, and charged that the analysts of the CIA and other U.S. intelligence agencies were “motivated by politics.”