Search Results for: crowdstrike

Attribution of 2015-6 Phishing to APT28

In two influential articles in June 2016, immediately following the Crowdstrike announcement, SecureWorks (June 16 here and June 26 here) purported to connect the DNC hack to a 2015-6 phishing campaign which they attributed to APT28.  SecureWorks identified two malicious domains in their article. In today’s article, I’ll show that infrastructure from one domain are connected […]

Arrest of the “Lurk” Banking Trojan Gang

On June 2, 2016, in a major police operation in Russia, 50 hackers from the Lurk banking trojan gang were arrested following 86 raids (Security Week here). Their malware was used for bank fraud (especially in Russia) and ransomware all over the world. The full extent of their activities became clear only after their arrest. In […]

Part 2- The TV5 Monde Hack and APT28

In his attribution of the DNC hack, Dmitri Alperovitch, of Crowdstrike and the Atlantic Council, linked APT28 (Fancy Bear) to previous hacks at TV5 Monde in France and of the Bundestag in Germany: FANCY BEAR (also known as Sofacy or APT 28) is a separate Russian-based threat actor, which has been active since mid 2000s […]

From Nigerian Scams to DNC Hack Attribution – Part 1

In Crowdstrike’s original announcement that “Russia” had hacked the DNC, Dmitri Alperovitch said, on the one hand, that the “tradecraft” of the hackers was “superb” and their “operational security second none” and, on the other hand, that Crowdstrike had “immediately identified” the “sophisticated adversaries”.  In contrast, after three years of investigation of Climategate, UK counter-intelligence had […]

Guccifer 2: From January to May, 2016

Within the small community conducting technical analysis of the DNC hack, there has been ongoing controversy over whether Guccifer 2 (G2) was a false flag for the Russians, whether G2 was located in the US rather than Russia, whether the G2 files were copied locally rather than hacked, whether G2 was a false flag for […]

Guccifer 2 and “Russian” Metadata

The DHS-FBI intel assessment of the DNC hack concluded with “high confidence” that Guccifer 2 was a Russian operations, but provided (literally) zero evidence in support of their attribution.  Ever since Guccifer 2’s surprise appearance on June 15, 2016 (one day after Crowdstrike’s announcement of the DNC hack by “Russia”), there has been a widespread […]

Time Zone of Guccifer 2 cf.7z

In a recent post, I observed that the majority of the emails in the Wikileaks DNC archive were sent AFTER Crowdstrike installed their anti-Russian software on May 6.  In today’s post, I’ll look at a metadata issue concerning Guccifer 2, who was, with “high confidence”, attributed by the US intel community to be Russian, supposedly […]

Email Dates in the Wikileaks DNC Archive

Yesterday, Scott Ritter published a savage and thorough critique of the role of Dmitri Alperovitch and Crowdstrike, who are uniquely responsible for the attribution of the DNC hack to Russia. Ritter calls it “one of the greatest cons in modern American history”.  Ritter’s article gives a fascinating account of an earlier questionable incident in which […]