The 2016 U.S. Presidential Elections and Russia’s Active Measures in Terms of Cyber Espionage
It’s becoming increasingly evident that major U.S.-based mainstream security news providers are falling victim to a growing “blame it on Russia” trend (one that extends to China and Iran) built on good old-fashioned espionage tactics and techniques known as active measures. In response, they are proceeding to de-profile and shut down a variety of newly emerged “fake news” online outlets. Those outlets represent nothing more than a good old-fashioned blackhat SEO (Search Engine Optimization) tactic, capable of attracting hundreds of thousands of new visitors to a particular website by generating rogue, potentially malicious and non-existent content. Part of the same pattern is the active establishment of what can best be described as a wrongly perceived online threat in the form of cyber personas, which became increasingly popular following the 2016 U.S. Presidential Election with the Guccifer 2.0 supposedly Russian-powered enterprise responsible for leaking key data on the 2016 U.S. Presidential Election.
In this post I’ll provide actionable intelligence on the rogue and potentially fraudulent Guccifer 2.0 supposedly Russian-sponsored enterprise, and offer an in-depth technical and OSINT-based analysis of the events that actually took place during the 2016 U.S. Presidential Elections in terms of Russia’s active measures and cyber espionage campaigns.
Sample Bitly URL-Shortening Link Used in the Actual 2016 U.S. Election Cyber Espionage Campaign Courtesy of Russia’s GRU Targeting John Podesta:
Sample Personal IP Used to Access John Podesta’s Personal Gmail Account:
Sample Personal Emails and Personally Identifiable Information of Guccifer 2.0 Enterprise Including a Personal IP Address:
Sample VPN Service Provider Used by the Guccifer 2.0 Enterprise:
hxxp://fr1.vpn-service.us — Email: email@example.com; firstname.lastname@example.org — 220.127.116.11
Fake Name-Based Personalities Used by Russia’s GRU in the 2016 U.S. Election Cyber Espionage Campaign:
Karen W. Millen
Kate S. Milton
Sample Passive DNS Reconnaissance on All the Currently Active Domains Used in the 2016 U.S. Election Cyber Espionage Campaign Courtesy of Russia’s GRU:
hxxp://accounts-qooqle.com — Email: email@example.com — 18.104.22.168
Sample Passive DNS and Responding IPs for the actual spear phishing campaign:
Sample Command and Control Server IPs Used in the Actual 2016 U.S. Election Cyber Espionage Campaign Courtesy of Russia’s GRU:
hxxp://misdepatrment.com — firstname.lastname@example.org
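Both domains listed above are lookalikes of legitimate names (accounts-qooqle.com swaps q for g, misdepatrment.com transposes two letters). The following is an added example, not code from the original post, showing how a defender can flag such domains in passive DNS data by folding confusable glyphs and measuring edit distance against a brand watchlist; the watchlist is constructed, and misdepartment.com is assumed to be the legitimate domain that misdepatrment.com imitates.

```python
# Added example, not from the original post: flag lookalike (typosquatted) domains
# such as the two listed above against a watchlist of the brands they imitate.
# The watchlist is constructed; misdepartment.com is assumed to be the legitimate
# domain that misdepatrment.com imitates.
import re

# Glyph sequences that pass for another character in a URL bar.
CONFUSABLES = {"0": "o", "1": "l", "q": "g", "rn": "m", "vv": "w", "cl": "d"}
WATCHLIST = ["accounts.google.com", "google.com", "microsoft.com", "misdepartment.com"]

def strip_domain(value: str) -> str:
    """Lowercase, drop a (defanged hxxp) scheme, path and leading www."""
    host = re.sub(r"^h(?:xx|tt)ps?://", "", value.strip().lower()).split("/")[0]
    return host[4:] if host.startswith("www.") else host

def fold(host: str) -> str:
    """Replace confusable glyph sequences with the characters they imitate."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # 'tr' <-> 'rt' counts as one edit
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(value: str, watchlist=WATCHLIST, max_distance: int = 2):
    """Return the watchlisted domain that `value` imitates, or None if it is not a lookalike."""
    raw = strip_domain(value)
    if raw in watchlist:  # the genuine domain is not a lookalike of itself
        return None
    cand = fold(raw).replace("-", ".")  # so 'accounts-google' lines up with 'accounts.google'
    for legit in watchlist:
        if osa_distance(cand, fold(legit)) <= max_distance:
            return legit
    return None

if __name__ == "__main__":
    for seen in ["hxxp://accounts-qooqle.com", "hxxp://misdepatrment.com", "accounts.google.com"]:
        print(seen, "->", lookalike_of(seen))
```

Hyphen-for-dot substitution and confusable folding are deliberately aggressive, so treat a hit as a candidate for analyst review rather than an automatic block.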
It should be clearly noted that spear phishing campaigns will continue to propagate actively and will eventually target hundreds of thousands of users in a targeted fashion, including analysts and other members of the U.S. Intelligence Community and Law Enforcement.