Russian-Speaking Hacker Selling Access to the US Election Assistance Commission

Recorded Future threat intelligence technology identified chatter (not intelligence at that point) related to a suspected breach of the U.S. Election Assistance Commission (EAC).

Further research identified a Russian hacker (Recorded Future refers to this actor as Rasputin) soliciting a buyer for EAC database access credentials.

For more information visit https://www.recordedfuture.com/rasputin-eac-breach/.

Key Findings

  • On December 1, 2016, Recorded Future identified chatter related to a suspected breach of the U.S. Election Assistance Commission (EAC).
  • Recorded Future engaged the Russian-speaking actor (referred to as “Rasputin” in this research) to assess the full scope of the unauthorized access, and provided all relevant information to federal law enforcement.
  • Further analysis identified more than 100 potentially compromised access credentials, including some with administrative privileges.
  • Rasputin offered to sell an unpatched system vulnerability to a Middle Eastern government broker.
  • Recorded Future successfully attributed the EAC breach to Rasputin.

 


Cyber Threat Intelligence?

What is cyber intelligence?

According to CERT-UK, cyber threat intelligence (CTI) is an “elusive” concept. While cyber security comprises the recruitment of IT security experts and the deployment of technical means to protect an organization’s critical infrastructure or intellectual property, CTI is based on the collection of intelligence using open source intelligence (OSINT), social media intelligence (SOCMINT), human intelligence (HUMINT) or intelligence from the deep and dark web. CTI’s key mission is to research and analyze trends and technical developments in three areas:

  • Cyber crime
  • Cyber activism
  • Cyber espionage (advanced persistent threat or APT)

The data accumulated through this research and analysis enable states to come up with preventive measures in advance. Considering the serious impacts of cyber threats, CTI has been raised as an efficient solution to maintain international security.

From Wikipedia, the free encyclopedia

Why does this matter?

So the idea behind cyber intelligence is to understand the intent of the adversary in order to develop better strategies for dealing with them, including whether to be offensive, defensive or both. This cyber intelligence is provided in the form of intelligence products that result from collecting, evaluating and interpreting available data concerning known cyber attacks and their surrounding activities. It is important to remember that cyber intelligence is just that: intelligence, not fact. It is the best educated guess at what your adversary may do based on the data available. The larger the pool of data, the better the analytical abilities and the more effective the countermeasures, though countermeasures may only serve to delay, deflect or disengage the adversaries.

What cyber intelligence sources do you rely on?