U.S. Department of Justice
Attorney Work Product // May Contain Material Protected Under Fed. R. Crim. P. 6(e)
secure bitcoins used to purchase computer infrastructure used in hacking operations.[1]
Military Unit 74455 is a related GRU unit with multiple departments that engaged in cyber operations. Unit 74455 assisted in the release of documents stolen by Unit 26165, the promotion of those releases, and the publication of anti-Clinton content on social media accounts operated by the GRU. Officers from Unit 74455 separately hacked computers belonging to state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections.[2]
Beginning in mid-March 2016, Unit 26165 had primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign:[3]
- Unit 26165 used IT to learn about Investigative Technique different Democratic websites, including democrats.org, hillaryclinton.com, dnc.org, and dccc.org. Investigative Technique
- GRU officers also sent hundreds of spearphishing emails to the work and personal email accounts of Clinton Campaign employees and volunteers. Between March 10, 2016 and March 15, 2016, Unit 26165 appears to have sent approximately 90 spearphishing emails to email accounts at hillaryclinton.com. Starting on March 15, 2016, the GRU began targeting Google email accounts used by Clinton Campaign employees, along with a smaller number of dnc.org email accounts. [5]
The GRU spearphishing operation enabled it to gain access to numerous email accounts of Clinton Campaign employees and volunteers, including campaign chairman John Podesta, junior volunteers assigned to the Clinton Campaign's advance team, informal Clinton Campaign advisors, and a DNC employee.[6] GRU officers stole tens of thousands of emails from spearphishing victims, including various Clinton Campaign-related communications.
- ↑ Bitcoin mining consists of unlocking new bitcoins by solving computational problems. IT kept its newly mined coins in an account on the bitcoin exchange platform CEX.io. To make purchases, the GRU routed funds into other accounts through transactions designed to obscure the source of funds. Netyksho Indictment ¶ 62.
- ↑ Netyksho Indictment ¶ 69.
- ↑ Netyksho Indictment ¶ 9.
- ↑ See SM-2589105, serials 144 & 495.
- ↑ Investigative Technique
- ↑ Investigative Technique
download malware that enables the sender to gain access to an account or network. Netyksho Indictment ¶ 10.
37