Page:NSA Report on Russia Spearphishing.pdf/2

From Wikisource
Jump to navigation Jump to search
This page has been validated.

TOP SECRET//SI//ORCON/REL TO USA, FVEY/FISA

 DIRNSA
 

and beacon out to malicious infrastructure. In October 2016, the actors also created a new e-mail address that was potentially used to offer election-related products and services, presumably to U. S.-based targets. Lastly, the actors sent test e-mails to two non-existent accounts ostensibly associated with absentee balloting, presumably with the purpose of creating those accounts to mimic legitimate services.

Campaign Against U. S. Company 1 and Voter Registration-Themed Phishing of U. S. Local Government Officials (S//SI//REL TO USA, FVEY/FISA)

Russian Cyber Threat Actors Target U. S. Company 1 (S//REL TO USA, FVEY/FISA)

(TS//SI//OC/REL TO USA, FVEY/FISA) Cyber threat actors   executed a spear-phishing campaign from the email address noreplyautomaticservice@gmail.com on 24 August 2016 targeting victims that included employees of U. S. Company 1, according to information that became available in April 2017.[1] This campaign appeared to be designed to obtain the end-users’ e-mail credentials by enticing the victims to click on an embedded link within a spoofed Google Alert e-mail, which would redirect the user to the malicious domain  .[2] The following potential victims were identified:

  • U. S. e-mail address 1 associated with U. S. Company 1,
  • U. S. e-mail address 2 associated with U. S. Company 1,
  • U. S. e-mail address 3 associated with U. S. Company 1,
  • U. S. e-mail address 4 associated with U. S. Company 1,
  • U. S. e-mail address 5 associated with U. S. Company 1,
  • U. S. e-mail address 6 associated with U. S. Company 1, and
  • U. S. e-mail address 7 associated with U. S. Company 1.

(TS//SI//OC/REL TO USA, FVEY/FISA) Three of the malicious e-mails were rejected by the e-mail server with the response message that the victim’s addresses did not exist. The three rejected e-mail addresses were U. S. e-mail addresses 1 to 3 associated with U. S. Company 1.

———————————————

  1. (TS//SI//OC/REL TO USA, FVEY/FISA) The GRU   is also rendered as military unit  
  2. (TS//SI//OC/REL TO USA, FVEY/FISA) For additional information on   and its cyber espionage mandate, specifically directed at U. S. and foreign elections, see  

Page 2

TOP SECRET//SI//ORCON/REL TO USA, FVEY/FISA