The United States formally accused Russia of tampering with the 2016 election.
According to a joint report by the FBI and Department of Homeland Security issued Thursday, Russian intelligence operatives gained access to “a U.S. political party” (presumably the Democratic National Committee) in two separate instances, and were able to steal files from the organization and people involved with it.
The report’s release coincided with the announcement of sanctions against Russia, including the expulsion of 35 diplomats.
The report confirms previous reports about the hacking of the DNC, which led to the leak of emails that sparked a variety of conspiracies and accusations of bias. Cybersecurity experts who investigated the DNC hack found similar strategies were used to gain access to computers to then steal files and other security credentials.
The FBI/DHS also provided some handy visuals to understand how it all went down, and gave the Russian operation a name: Grizzly Steppe.
The diagram below, published in the report, shows how U.S. intelligence believes the operation worked. Russian hackers sent out links that collected security credentials, and those credentials allowed access to the computer systems of their targets. That access allowed for the installation of malicious programs, which gave the hackers the ability to access files that could then be stolen.
The report notes that Russia’s operation included targets outside of the DNC, including government organizations, think tanks, universities and corporations, as well as other infrastructure networks.
And they’re not necessarily done.
“Actors likely associated with [Russian Intelligence Services] are continuing to engage in spearphishing campaigns, including one launched as recently as November 2016, just days after the U.S. election,” the report states.
The report was also backed up by a joint statement from Jeh Johnson, secretary of the Department of Homeland Security, and James Clapper, director of national intelligence, which stated that “the intelligence community is confident the Russian Government directed recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, and that the disclosures of alleged hacked e-mails on sites like DC.Leaks.com and WikiLeaks are consistent with the Russian-directed efforts.”
The U.S. first accused Russia of the DNC campaign hack in October. In May, Clapper warned of signs that the U.S. presidential campaigns had been the target of hackers, though he did not accuse Russia.
Included in Thursday’s report is an “indicator of compromise”: a piece of code, believed to have been used by Russian hackers, that indicates a breach.