FireEye recently confirmed that the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have concurred with its position on the Russian role in the recent presidential elections in the United States.
The June 2016 announcement from the Democratic National Committee (DNC), attributing its network breach to the Russian government, triggered an international debate over Russia’s sponsorship of information operations against the United States of America.
FireEye analyzed the malware allegedly found on DNC networks and found that it was consistent with the previously observed tools and activities utilized by a Russia-based threat actor known as APT (Advanced Persistent Threat) 28. On December 29, 2016, the Department of Homeland Security and the Federal Bureau of Investigation released a Joint Analysis Report, confirming FireEye’s long held public assessment that the Russian government sponsors APT 28.
Since at least 2007, APT 28 has engaged in extensive operations in support of Russian strategic interests. The group has historically collected intelligence on defense and geopolitical issues. The primary targets of APT 28’s espionage activity have been entities in the United States, Europe and the countries of the former Soviet Union, including governments (the German Bundestag), security organizations (NATO), defense attaches, media entities (TV5 Monde), as well as dissidents and figures opposed to the current Russian government. Some of these operations have involved the disruption and defacement of websites, false flag operations and the theft of data that later reemerged publicly online.