Russian state hackers have infiltrated a US federal agency, according to a warning published last week by the Cybersecurity and Infrastructure Security Agency (CISA), which stopped short of identifying the agency.
The warning provided details of the methods of Russian state hackers and their use of a new form of malware in the process of stealing data.
The hacking group appears to be Fancy Bear, according to clues revealed by a researcher at the cybersecurity company Dragos.
The group, also known as APT28, is responsible for the hacking attacks targeting the 2016 US presidential election.
It is also responsible for a massive campaign of intrusions targeting political parties and campaigns this year.
Clues pointing to APT28 are based in part on a notice sent by the FBI to the targets of a hacking campaign in May this year.
The notification warned that the group was targeting US networks on a large scale, including government agencies and educational institutions.
The notification listed several IP addresses that the group was using in its operations.
Researcher Joe Slowik of Dragos notes that there is an IP address that identifies a server in Hungary used in this APT28 campaign that matches the IP address listed in the CISA warning.
This indicates that APT28 used the same Hungarian server for the break-in, which CISA described as one of the successful intrusion attempts.
A report issued by the Department of Energy last year warned that APT28 had scanned a US government corporation’s network from a server in Latvia and listed that server’s IP address.
This Latvian IP address also featured in the hacking operation described in the CISA warning.
Some of the IP addresses listed in the FBI, DOE and CISA documents also appear to overlap with the infrastructure of known cybercriminal operations.
The researcher points out that this overlap suggests the Russian state hackers reuse cybercriminal infrastructure to evade attribution for these operations.
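The attribution argument above rests on cross-referencing the IP addresses published in three separate documents and noting which ones recur, and which also appear on criminal-infrastructure lists. The following Python script is an added example of that kind of indicator cross-referencing; it is not code from the article, from Dragos or from CISA. The article does not publish the actual addresses, so every IP here is a constructed placeholder from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24), and the advisory names and the criminal list are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed placeholder indicator lists (documentation ranges, NOT real IoCs).
# The article mentions Hungarian and Latvian servers but publishes no addresses,
# so these values and source names are assumptions for demonstration only.
ADVISORY_IPS = {
    "fbi_may_notice":  {"192.0.2.10", "192.0.2.11", "198.51.100.5"},
    "doe_2019_report": {"203.0.113.7", "203.0.113.8"},
    "cisa_warning":    {"192.0.2.10", "203.0.113.7", "198.51.100.9"},
}

# Hypothetical list of infrastructure previously attributed to cybercriminal operations.
CRIMINAL_IPS = {"198.51.100.5", "203.0.113.7"}


def normalize(ips):
    """Validate and canonicalize addresses; silently drop entries that do not parse."""
    out = set()
    for raw in ips:
        try:
            out.add(str(ip_address(raw.strip())))
        except ValueError:
            continue  # malformed indicator, e.g. a hostname pasted into an IP list
    return out


def cross_reference(sources):
    """Map each IP address to the set of advisories that list it."""
    index = defaultdict(set)
    for name, ips in sources.items():
        for ip in normalize(ips):
            index[ip].add(name)
    return dict(index)


def shared_indicators(sources, min_sources=2):
    """IPs listed by at least `min_sources` advisories, with the sorted source names."""
    return {
        ip: sorted(names)
        for ip, names in cross_reference(sources).items()
        if len(names) >= min_sources
    }


def criminal_overlap(sources, criminal):
    """IPs from the advisories that also appear on a criminal-infrastructure list."""
    seen = set(cross_reference(sources))
    return sorted(seen & normalize(criminal))


if __name__ == "__main__":
    for ip, names in sorted(shared_indicators(ADVISORY_IPS).items()):
        print(f"{ip} listed by {', '.join(names)}")
    print("also on criminal-infrastructure list:",
          criminal_overlap(ADVISORY_IPS, CRIMINAL_IPS))
```

An address that recurs across independent advisories is a stronger pivot than any single listing, but an address that also sits on a criminal-infrastructure list is exactly the case the researcher describes: shared hosting or rented infrastructure means the overlap alone does not settle who operated the server, so such hits should be weighted down rather than treated as a clean attribution.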
The hackers somehow obtained the usernames and passwords of several employees of the federal agency.
CISA says it does not know how this data was obtained, and the warning speculates that the attackers may have used a vulnerability in Pulse Secure’s VPN service.
The Russian state hackers used command-line tools to move between the agency’s devices before downloading their custom malware, which they then used to access the agency’s file server and transfer files out.
Microsoft warned earlier this month that the Russian group was using widespread and relatively simple techniques to infiltrate organizations and campaigns connected to this year’s presidential election.
According to Microsoft, the Russian state hackers used a combination of methods in order to obtain user account passwords.