The U.S. Department of Homeland Security’s (DHS) Assistant Secretary for Public Affairs Todd Breasseale recently issued an executive summary on malicious cyberattacks conducted by the Russian government, known as Grizzly Steppe, during the U.S. election cycle.
The report stated that Russia’s civilian and military intelligence branches conducted a series of aggressive and sophisticated cyber-enabled operations that targeted not only the U.S. government, but its citizens as well. The attacks noted in the report included spearphishing campaigns against government organizations, which target passwords and login credentials to gain an entry point for stealing or manipulating data.
Additional organizations affected by the cyberattacks included critical infrastructure entities, think tanks, universities, political organizations, and various corporations, all of which had information stolen during the election that was later publicly released by third parties.
DHS and the Federal Bureau of Investigation recently released a joint analysis report (JAR), which provided details of the tools and infrastructure Russian intelligence branches used to compromise U.S. infrastructure during the election. The JAR also gave network defenders the tools they needed to identify and disrupt any incoming Russian cyberattacks in the future.
To help members of the public protect themselves and their organizations from a potential cyberattack, DHS is recommending they take a series of steps to protect their critical cyber infrastructure, including creating backups, conducting risk analyses, routinely training staff on identifying cyber threats, vulnerability scanning and patching, conducting incident response procedures, and application whitelisting.