More Security Firms Attribute DNC Server Breach to Russian Hackers
Two more cyber-security firms report finding evidence linking the Democratic National Committee's server breach to known Russian hacking groups.
Two more cyber-security firms have found evidence that the hack of the Democratic National Convention's servers bears the hallmarks of known Russian espionage groups. On June 20, Fidelis Cybersecurity published its own analysis of the malware used in the attack, concluding that the attackers likely were members of two Russian espionage groups.
Earlier claims made by incident response firm CrowdStrike about the attack were well-supported by the evidence, wrote Michael Buratowski, senior vice president for Fidelis' security consulting services, in a blog post published June 20. "Based on our comparative analysis we agree with CrowdStrike and believe that (Russian espionage) groups were involved in successful intrusions at the DNC," he said. "The malware samples contain data and programing elements that are similar to malware that we have encountered in past incident response investigations and are linked to similar threat actors."
Incident response firm Mandiant, owned by security giant FireEye, also agreed with CrowdStrike's assessment, according to a statement sent by the firm to the Washington Post. However, a spokesperson for the company declined to comment when reached by eWEEK.
On June 14, the DNC contacted security-services firm CrowdStrike to respond to a suspected breach. The company quickly found signs that two Russian groups, which it refers to as Cozy Bear and Fancy Bear, had infiltrated the DNC's network and stolen information, CrowdStrike stated in a June 15 analysis. CrowdStrike made this assertion based on a variety of characteristics, including the groups' tools, tactics and procedures, commonly known as TTPs.