The Mudcat Café TM
Thread #161183   Message #3829573
Posted By: Jim Carroll
30-Dec-16 - 11:59 AM
Thread Name: BS: A new political low take 2
Subject: RE: BS: A new political low take 2
From today's Times
Jim Carroll

Hackers working for the Kremlin targeted all walks of life in the West, says FBI
Mark Bridge
Russia is committed to a longstanding cybercampaign against the American government and its citizens in every arena, from politics to business and education, intelligence services have claimed.
In a joint report, the FBI and Department of Homeland Security said that the same Kremlin-backed hackers had been involved in multiple attacks. This fits with revelations in The Times this month that Russian hackers have attempted attacks on British targets.
The report said that covert Russian operations, codenamed Grizzly Steppe by US officials, were based around sophisticated "spearphishing" campaigns.
They used the tactics to access the computer systems of government organisations, critical infrastructure, think tanks, universities, political organisations, and corporations, leading to the theft of information.
It confirmed that recent big attacks were the works of the Kremlin-backed groups known as Cozy Bear and Fancy Bear, as private security operators had previously stated.
The report included an account of successful cyberattacks on the Democratic National Committee, which led to the damaging leaks of correspondence between senior party figures by WikiLeaks. Investigators said Cozy Bear broke into the party's computer systems in the summer of last year, and Fancy Bear entered in spring this year.
It said Cozy Bear crafted spearphishing campaigns, where recipients of an email were enticed to open it because they thought it was from an official source. Once they did this, their computer was infected by "remote access tools" or RATs, giving them entry to all other computers on the network.
Fancy Bear worked slightly differently, it said, creating fake domains that tricked people into entering legitimate credentials. The group compromised the party by sending a spearphishing email which tricked recipients into changing their passwords through a fake webmail domain. The email that tricked senior Democrats such as John Podesta, Hillary Clinton's campaign chairman, contained a link that looked like a legitimate Google web address.
Using the harvested credentials, Fancy Bear was able to gain access and steal content, leading to the leaked emails from senior Democratic Party figures. "The US Government assesses that information was leaked to the press and publicly disclosed," the report continued, prompting some critics to complain it was stating the obvious.
The jargon-heavy report continued: "Once they have access to victims, both groups exfiltrate and analyse information to gain intelligence value. These groups use this information to craft [further] highly targeted spearphishing campaigns. These [groups] set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information."
Spearphishing attacks are essentially the same as the Nigerian "phishing" attacks most British internet users are now wise to. The US government report indicated that the Russian attacks were particularly convincing, however.
Russia Today, the state-backed media outlet, responded to the US report by tweeting a picture of a grizzly bear apparently playing a guitar.
The Times Dec 30th