Russians used publicly available tools like CCleaner and seemingly unsophisticated “spearphishing” attacks to access emails and documents from the Democratic National Committee, Democratic Congressional Campaign Committee, and Hillary Clinton campaign, according to the indictment of 12 Russian nationals released Friday.
These 12 officers of the Main Intelligence Directorate of the General Staff (GRU) are accused of using GRU-developed malware called “X-Agent” to access the DNC and DCCC networks and then using another piece of malware called “X-Tunnel” to “move the stolen documents outside the DCCC and DNC networks through encrypted channels.”
“X-Tunnel” is publicly available as device “cleaning” and optimization software CCleaner, which they allegedly used to “delete traces of their presence on the DCCC network.” Another unnamed “publicly available tool” was used “to gather and compress multiple documents” taken from the DNC and DCCC.
Russian President Vladimir Putin denied the election hacking allegations during a press conference after Monday’s summit with President Donald Trump. Hours earlier, Trump called the special counsel investigation, which produced Friday’s indictment, a “rigged witch hunt” in a tweet.
The indictment also points to the Russians’ use of targeted phishing emails, known as spearphishing, to gain access to the email accounts of several of those involved in the Clinton campaign, including chairman John Podesta.
“Once again, email attacks and spearphishing is the root of a lot of these types of breaches,” Alexander Garcia Tobar, co-founder and CEO of email security and authentication company Valimail, said to Fifth Domain. “If you’re a criminal and you see that a domain was not protected, why wouldn’t you just send an email as anyone from that organization to trick the recipient into divulging information?”