Is the Homeland Prepared for NoKo Missiles?

Or China or Russia?

Ever wonder why there is no defense system in Hawaii or on other remote Pacific islands? Unless we are poised to deploy the new SM-6, which has had remarkable recent test results.

The Standard Missile-6 is built in a state-of-the-art Raytheon facility in Huntsville, Alabama.

(Is there a defense system for electronic warfare or cyber?)

What if North Korea or Iran launched a nuclear missile aimed at the United States? Could we prevent it from arriving?

That’s the basic motivation behind US homeland missile defense, a complex system of ground-based radars, satellite sensors, and interceptor missiles designed to destroy incoming warheads. If the system operated as promised, sensors would track intercontinental ballistic missiles (ICBMs) throughout their launch and flight. Interceptor missiles based in Alaska and California would then collide with and destroy the incoming weapons.

ICBM launches have three distinct phases of flight. During the boost phase, a rocket launches the warhead at high speeds above the atmosphere, where it continues in free-fall through the vacuum of space. The midcourse phase begins with the rocket separating from the warhead, which continues unguided and unpowered, hundreds of miles above the Earth. The reentry, or terminal, phase sees the warhead descend at high speeds back through the Earth’s atmosphere toward the ground.

US homeland missile defense (also called “strategic missile defense”) is designed to destroy ICBMs during their midcourse phase, using interceptor missiles launched from the ground (hence the official name, “ground-based midcourse defense,” or GMD).

The process begins with infrared sensors on satellites, which monitor known launch locations for the tell-tale heat signature produced by launching rockets. Once a launch is established, tracking is transferred to radar systems, which help verify the missile’s trajectory. More here.

A target missile launches from Kwajalein Atoll in the Republic of the Marshall Islands during a test intercept run. Photo: US Missile Defense Agency

The U.S. agency tasked with protecting the country from missile attacks is scouting the West Coast for places to deploy new anti-missile defenses, two Congressmen said on Saturday, as North Korea’s missile tests raise concerns about how the United States would defend itself from an attack.

West Coast defenses would likely include Terminal High Altitude Area Defense (THAAD) anti-ballistic missiles, similar to those deployed in South Korea to protect against a potential North Korean attack.

The accelerated pace of North Korea’s ballistic missile testing program in 2017 and the likelihood the North Korean military could hit the U.S. mainland with a nuclear payload in the next few years have raised the pressure on the United States government to build up missile defenses.

Congressman Mike Rogers, who sits on the House Armed Services Committee and chairs the Strategic Forces Subcommittee, which oversees missile defense, said the Missile Defense Agency (MDA) was aiming to install extra defenses at West Coast sites. The funding for the system does not appear in the 2018 defense budget plan, indicating potential deployment is further off.

When asked about the plan, MDA Deputy Director Rear Admiral Jon Hill said in a statement: “The Missile Defense Agency has received no tasking to site the Terminal High Altitude Air Defense System on the West Coast.”

THAAD is a ground-based regional missile defense system designed to shoot down short-, medium- and intermediate-range ballistic missiles and takes only a matter of weeks to install.

A Lockheed Martin representative declined to comment on specific THAAD deployments, but added that the company “is ready to support the Missile Defense Agency and the United States government in their ballistic missile defense efforts.” He added that testing and deployment of assets is a government decision.

In July, the United States tested THAAD missile defenses and shot down a simulated, incoming intermediate-range ballistic missile (IRBM). The successful test adds to the credibility of the U.S. military’s missile defense program, which has come under intense scrutiny in recent years due in part to test delays and failures. More here. 

 

NoKo’s Hwasong 15, the Unexpected ICBM Launch

SEOUL, South Korea — The intercontinental ballistic missile North Korea launched this week was a new type of missile bigger and more powerful than any the country had tested before, South Korean officials said on Thursday.

Photos from the North’s official Korean Central News Agency are providing valuable clues about the capabilities of the missile, named the Hwasong-15. North Korea said it carried a “super-large heavy warhead which is capable of striking the whole mainland of the U.S.”

North Korea’s Hwasong series represents the most successful and formidable part of its ballistic missile arsenal, and photographs of the test suggested improvements over the Hwasong-14, a missile first tested over the summer that showed the country’s capacity to strike the continental United States.

Private analysts agreed that the Hwasong-15 looked bigger and more powerful than the Hwasong-14.


South Korean defense officials say North Korea runs more than 160 mobile missile launching vehicles and is building more. Such vehicles make it easier to hide and transport missiles and harder for the United States and its allies to track signs of imminent missile attacks.


In a report published Thursday, Mr. Elleman said his “initial calculations indicate the new missile could deliver a moderately sized nuclear weapon to any city on the U.S. mainland.”

But he also said the North Koreans would need to conduct additional tests to establish the Hwasong-15’s reliability. And like other aerospace experts, Mr. Elleman pointed out that North Korea had yet to show it had mastered technology to ensure a missile warhead survives the rigors of violent re-entry into the Earth’s atmosphere.

Still, he said, “if low confidence in the missile’s reliability is acceptable, two or three test firings over the next four to six months may be all that is required before Kim Jong-un declares the Hwasong-15 combat ready.” More here.

 Construction work has been seen at a launch site near the North Korean capital

 The images seem to show Kim has no plans to curb his nuclear ambitions

According to the ImageSat analysts, who are closely following North Korean military activity, this is “the first time that they have decided to rebuild a site that they have used before.”

The photos, dated Nov. 23 and 24, appear to show the development of another launch pad just a few yards away from the one used during the July 4 Hwasong-14 ICBM launch, as well as a newly renovated access road.

***

North Korea has also continued work on its submarine-launched ballistic missile program, according to new analysis on Friday, also from 38 North. Satellite images show that the country is preparing to deploy one of its submersible test stand barges, presumably to work on or conduct an underwater ICBM launch. The country also continues to produce fissile material for its weapons.

***

While there is some dispute about the exact capabilities of the HS-15, it appears that the missile is so large—and indeed North Korean statements explicitly state the weapon is designed to carry a “super heavy” [3] warhead—that it might be irrelevant whether Pyongyang possesses warhead miniaturization technology or not. In fact, by some estimates, North Korea has intentionally overbuilt the HS-15 so that future variants might be able to carry multiple independently targetable reentry vehicles (MIRV).

Other than the massive size of the HS-15—which appears to be comparable in size to the Soviet SS-19 Stiletto or SS-24 Scalpel—there are some visible technological advancements.

“The single biggest technological change I see in the missile is the absence of verniers (separate, small steering engines). It looks like they have gimbaled engines now,” Pollack said.

“That’s a significant advance. I wouldn’t rule out the involvement of foreign specialists there. We already know they’ve collaborated with Iran on some missile projects. Not that Iran has ever shown off this particular technology…”

The launch vehicle might have been developed with Chinese help, however—or at least modified from Chinese-supplied equipment.

“The chassis looks familiar – it’s a nine-axle version of the eight-axle chassis the Chinese supplied earlier. The NKs may have managed to modify one of the six or so chassis they have on hand,” Pollack said. “(The cab has been altered, too.) I doubt they have really learned to build these from scratch – they’ve been putting far too much effort into building big trucks instead for this purpose. If they’ve already got better technology, why bother doing that?” More here.

Due to N Korea, Hawaii Goes to Nuclear Warning Systems


TOKYO/WASHINGTON (Reuters) – Japan has detected radio signals suggesting North Korea may be preparing for another ballistic missile launch, although such signals are not unusual and satellite images did not show fresh activity, a Japanese government source said on Tuesday.

After firing missiles at a pace of about two or three a month since April, North Korean missile launches paused in September, after Pyongyang fired a rocket that passed over Japan’s northern Hokkaido island.

“This is not enough to determine (if a launch is likely soon),” the source told Reuters.

Japan’s Kyodo news agency reported late on Monday that the Japanese government was on alert after catching such radio signals, suggesting a launch could come in a few days. The report also said the signals might be related to winter military training by the North Korean military.

South Korea’s Yonhap news agency, citing a South Korean government source, also reported that intelligence officials of the United States, South Korea and Japan had recently detected signs of a possible missile launch and have been on higher alert.


Hawaii reinstates Cold War-era nuclear attack warning signal amid North Korea tension

Hawaii is reinstating a statewide nuclear attack warning signal in December to prepare for a potential attack from North Korea.

The alarm, which has not been used since the Cold War, will be reinstated on Dec. 1 as part of a ballistic missile preparedness program, according to the Hawaii Emergency Management Agency (HI-EMA).

The agency instructed residents to immediately “Get inside, stay inside and stay tuned” if they hear the siren. Alerts will be sent to residents’ phones and broadcast on television and radio. “When [HI-EMA] started this campaign, there were concerns we would scare the public. What we are putting out is information based on the best science that we have on what would happen if that weapon hit Honolulu or the assumed targets,” said HI-EMA Administrator Vern Miyagi during an emergency preparedness presentation.

Since officials would have only 15 minutes or less of warning time before a North Korean missile’s impact, Hawaii residents are advised to have a designated place to go for shelter. “There will be no time to call our loved ones, pick up our kids and find a designated shelter. We should all prepare and exercise a plan ahead of time so we can take some comfort in knowing what our loved ones are doing,” said Miyagi in an interview with The Honolulu Star Advertiser.

Although the U.S. has conducted successful missile interception tests, there is no guarantee that the Navy would detect and intercept a target, the HI-EMA warns.

An HI-EMA fact sheet explains that, based on the estimated yield of North Korean missiles, there could be anywhere from 50,000 to 120,000 burn casualties and nearly 18,000 fatalities if an attack occurs.

After an attack, residents would have to stay sheltered in place until the HI-EMA has fully assessed the radiation and fallout, which could take a few hours or as long as 14 days, the agency says on its website.

State officials have been holding town halls to answer questions from residents.

North Korea and Iran Hint at Deeper Military Cooperation

WI: Pyongyang has emerged as a critical partner in Tehran’s ‘Axis of Resistance,’ and officials warn that their joint efforts may extend to weapons of mass destruction.

High-level meetings between North Korean and Iranian officials in recent months are stoking concerns inside the U.S. government about the depth of military ties between the two American adversaries. In September, President Trump ordered U.S. intelligence agencies to conduct a fresh review of any potential bilateral nuclear collaboration. Yet officials in Washington, Asia, and the Middle East who track the relationship indicate that Pyongyang and Tehran have already signaled a commitment to jointly develop their ballistic missile systems and other military/scientific programs.

North Korea has vastly expanded its nuclear and long-range missile capabilities over the past year, developing intercontinental ballistic missiles that could potentially target the western United States with nuclear warheads. Over the same period, U.S. intelligence agencies have spotted Iranian defense officials in Pyongyang, raising the specter that they might share dangerous technological advances with each other. “All of these contacts need to be better understood,” said one senior U.S. official working on the Middle East. “This will be one of our top priorities.”

SUSPICIOUS MEETINGS

In early August, Kim Yong-nam, North Korea’s number two political leader and head of its legislature, departed Pyongyang amid great fanfare for an extended visit to Iran. The official reason was to attend the inauguration of President Hassan Rouhani, but the length of the visit raised alarm bells in Washington and allied capitals. North Korean state media said the trip lasted four days, but Iranian state media said it was ten, and that Kim was accompanied by a large delegation of other top officials.

Kim had last visited Tehran in 2012 to attend a gathering of the Non-Aligned Movement, the Cold War-era body composed of developing nations that strived to be independent of Washington and the Kremlin. Yet he skipped most of the events associated with that conference, instead focusing on signing a bilateral scientific cooperation agreement with President Mahmoud Ahmadinejad. According to U.S. intelligence officials, that pact looked very similar to the one Pyongyang inked with Syria in 2002; five years later, Israeli jets destroyed a building in eastern Syria that the United States and UN believe was a nearly operational North Korean-built nuclear reactor. Notably, one of the Iranian officials who attended the 2012 gathering with Kim was Atomic Energy Organization chief Fereydoun Abbasi-Davani, who was sanctioned by Washington and the UN for his alleged role in nuclear weapons development.

Similarly, Kim’s latest trip focused on more than just lending support to Rouhani, according to North Korean and Iranian state media. Kim and Vice Foreign Minister Choe Hui-chol inaugurated their country’s new embassy in Tehran, a symbol of deepening ties between the two governments. They also held a string of bilateral meetings with foreign leaders, many from countries that have been significant buyers of North Korean weapons in recent decades (e.g., Zimbabwe, Cuba, Democratic Republic of the Congo, and Namibia). The Trump administration has been intensifying diplomatic pressure on all these countries to cut their economic and military ties with Pyongyang in response to the regime’s barrage of nuclear and missile tests this year.

Regarding missile development, Iran and North Korea presented a united front against Washington during Kim’s stay. Like Pyongyang, Tehran has moved forward with a string of ballistic missile tests in recent months, despite facing UN Security Council resolutions and condemnation by the Trump administration. After meeting with Speaker of Parliament Ali Larijani on August 4, Kim declared, “Iran and North Korea share a mutual enemy [the United States]. We firmly support Iran on its stance that missile development does not need to be authorized by any nation.”

COVERT CONTACTS

The meetings that have gone unreported in state media are even more worrisome for allied governments. In recent years, U.S. and South Korean intelligence services have tracked a steady stream of Iranian and North Korean officials visiting each other in a bid to jointly develop their defense systems. Many of the North Koreans are from defense industries or secretive financial bodies that report directly to dictator Kim Jong-un, including Offices 39 and 99 of the ruling Workers’ Party of Korea.

Last year, U.S. authorities reported that missile technicians from one of Iran’s most important defense companies, the Shahid Hemmat Industrial Group, had traveled to North Korea to help develop an eighty-ton rocket booster for ballistic missiles. One of the company’s top officials, Sayyed Javad Musavi, has allegedly worked in tandem with the Korea Mining Development Trading Corp. (KOMID), which the United States and UN have sanctioned for being a central player in procuring equipment for Pyongyang’s nuclear and ballistic missile programs. For example, Shahid Hemmat has illegally shipped valves, electronics, and measuring equipment to KOMID for use in ground testing of space-launch vehicles and liquid-propellant ballistic missiles.

POLICY IMPLICATIONS

North Korea has emerged as a critical partner in the alliance of states, militias, and political movements known as the “Axis of Resistance,” which Tehran developed to challenge U.S. power in the Middle East. Pyongyang has served as an important supplier of arms and equipment to Iran’s most important Arab ally, Syria’s Assad regime, during the country’s ongoing war. And Iranian-backed Houthi rebels have procured weapons from North Korea in their efforts to topple the internationally recognized government in Yemen, according to current and former U.S. officials.

Moreover, Kim Yong-nam’s August trip appeared to have official support from Russia and China. On his way to Iran, he first flew to Vladivostok on Air Koryo, the North Korean airline that the U.S. Treasury Department sanctioned in December 2016 for financially aiding the Kim regime and its ballistic missile program. He then flew on to Tehran via Russia’s state carrier, Aeroflot, passing through Chinese airspace.

Going forward, the most pressing question is whether a smoking gun will emerge proving direct nuclear cooperation between Iran and North Korea. The U.S. government and the International Atomic Energy Agency say they have yet to see such conclusive evidence. But Iranian opposition groups allege that senior regime officials have visited North Korea to observe some of its six nuclear weapons tests. Chief among these officials, they add, is Mohsen Fakhrizadeh, an Iranian general whom the UN has accused of working closely with Fereydoun Abbasi-Davani on secret nuclear weapons research. Current and former U.S. intelligence officials say these accusations cannot be ruled out, so all known contacts between the two regimes need to be scrutinized closely.


***Going back in history with evidence:

In 2010, the Assad regime transferred Scud-D missiles,[7] as well as a number of M-600 missiles (that have a 250 km range and carry a 500 kg warhead) – a clone of the Iranian Fateh-110. Syria provided Hezbollah operatives with training on using the Scuds at a base near Damascus.[8]

The Assad regime procured systems from Russia, which were to be partially or fully transferred to Hezbollah. Those included advanced Russian anti-air defense systems – such as the Pantsir S1-E and SA-17 BUK systems – as well as sophisticated anti-ship systems, like the Yakhont P-800.[9] It was believed that Hezbollah was the end user for some of these systems, which were kept in the group’s weapons depots on the Syrian side of the border.[10] Prior to the 2006 war, Syria also transferred Russian-made Kornet anti-tank weapons to Hezbollah, which then used these weapons against Israel.[11] As the war in Syria has intensified, Hezbollah began moving some of these advanced systems out of Syria. In January, according to media reports,[12] the Israeli Air Force struck a convoy inside Syria that was likely attempting to transfer SA-17 anti-aircraft systems to Hezbollah.

Cutout Arms Purchases from Russia

Such Syrian straw purchases, as well as other arms deals with Russia for the Syrian military itself, appear to have been bankrolled by Iran.[13] As part of this deal, some of the weapons that Damascus procured were then passed on to Tehran. This is an old practice dating back to the Iraq-Iran war, when the Assad regime purchased weapons from the Soviet bloc on Iran’s behalf and Iranian planes transferred them to Tehran.

For instance, in 2007, Jane’s Defence Weekly reported that Syria agreed to send Iran at least 10 Pantsir air-defense systems that Damascus was buying from Russia. This deal was part of “the military and technological cooperation mechanism stipulated in a strategic accord signed by both countries in November 2005.”[14] Sources indicate that Syria may have received and installed the systems in August 2007, or one month before the Israeli attack on the Syrian nuclear facility at al-Kibar.[15]

Also in 2007, the Russian daily Kommersant revealed that Moscow’s Rosoboronexport arms export company was to deliver five MiG-31E fighter jets and an unspecified number of MiG-29M/M2 fighter bombers to Syria. Iran paid for the purchase and may have been the intended end user.[16] That particular deal seems never to have materialized. However, it did reveal an important and dangerous aspect of the Iranian-Syrian partnership – one that extends well beyond cutout purchases of conventional weapons.

Aside from Russia, the principal strategic partner of the Iranian and Syrian regimes has been North Korea.

North Korean assistance has been instrumental in developing both Iran’s and Syria’s ballistic missile programs. Pyongyang’s cooperation with Tehran is particularly close, so much so that the two countries have been described as maintaining “in effect a joint missile development program.”[17] Iranian teams have regularly attended North Korea’s long-range missile tests, and Tehran has received North Korean technology. Iran’s Shahab-3 missile (1,300-1,500 km), for example, is based on North Korea’s Nodong missile, whose development program was reportedly financed by Iran.[18]

In 2010, there was a debate on whether Pyongyang had sold Tehran BM-25 missiles that could hit Western Europe. At the time, a senior US intelligence official said that while he was unaware of any sale of a complete BM-25, there was probably a transfer of kits, made up of missile components. “There has been a flow of knowledge and missile parts” from North Korea to Iran, he said.[19] Iran’s quest for a first strike capability and delivery systems for its nuclear weapons program suggests that cooperation with North Korea will only grow.

Pyongyang and Iran have helped Syria develop its ballistic missile program. Syria relied on North Korean technology to upgrade its Scuds. In 2005, Syria tested Scud-D missiles, but the test ended in failure, as the missile fell apart over Turkey. Another test in 2007 was successful, thanks to technological assistance from North Korea that further improved the Scud-D and extended its range. In the early 1990s, the North Koreans helped the Syrian Scientific Studies and Research Center (SSRC) construct missile complexes in Aleppo and Hama. The Aleppo facility was also used for fitting chemical warheads on Scud missiles. An explosion at the facility in July 2007 shed further light on the Syrian-Iranian-North Korean triangle.

The explosion took place as the Syrian regime was attempting to weaponize Scud-C missiles with chemical agents. According to a report in Jane’s Defence Weekly at the time, the explosion resulted in the death of “dozens” of Iranian engineers.[20] The Japanese daily Sankei Shimbun also claimed that three North Korean engineers were among the dead.[21]

Jane’s described the weaponization effort as part of a joint program with Iran. According to the weekly, Iran helped Syria in “the planning, establishment and management” of five facilities designed for the “indigenous production of CW [chemical weapons] precursors.” The presence of North Korean personnel at the site indicates that this was in fact a trilateral collaboration. More here.

AP Blames FBI for Few Warning on Fancy Bear Hacks

While much of the global hacking reached scandal status in 2015-16, the Russian ‘Fancy Bear’ activity goes back to at least 2008. The FBI is an investigative wing and works in collaboration with foreign intelligence and outside cyber experts. For official warnings to be provided to U.S. government agencies, contractors, media or political operations, the FBI will generally make an official visit to affected entities to gather evidence. The NSA, Cyber Command and the DHS all have cyber experts who track the hackers and work to make accurate attributions.


The Department of Homeland Security is generally the agency to make official warnings. The Associated Press gathered independent cyber experts to perform an independent study and is ready to blame the FBI for not going far enough in warnings.

When it came to the Clinton presidential campaign hack, the FBI made several attempts to reach officials there and was met with disdain and distrust. The FBI wanted copies of the ‘log-in’ files for evidence and was denied.

In part the AP report states:

“CLOAK-AND-DAGGER”

In the absence of any official warning, some of those contacted by AP brushed off the idea that they were taken in by a foreign power’s intelligence service.

“I don’t open anything I don’t recognize,” said Joseph Barnard, who headed the personnel recovery branch of the Air Force’s Air Combat Command.

That may well be true of Barnard; Secureworks’ data suggests he never clicked the malicious link sent to him in June 2015. But it isn’t true of everyone.

An AP analysis of the data suggests that out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them. That could mean that as many as 2 in 5 came perilously close to handing over their passwords.

It’s not clear how many gave up their credentials in the end or what the hackers may have acquired.

Some of those accounts hold emails that go back years, when even many of the retired officials still occupied sensitive posts.

Overwhelmingly, interviewees told AP they kept classified material out of their Gmail inboxes, but intelligence experts said Russian spies could use personal correspondence as a springboard for further hacking, recruitment or even blackmail.

“You start to have information you might be able to leverage against that person,” said Sina Beaghley, a researcher at the RAND Corp. who served on the NSC until 2014.

In the few cases where the FBI did warn targets, they were sometimes left little wiser about what was going on or what to do.

Rob “Butch” Bracknell, a 20-year military veteran who works as a NATO lawyer in Norfolk, Virginia, said an FBI agent visited him about a year ago to examine his emails and warn him that a “foreign actor” was trying to break into his account.

“He was real cloak-and-dagger about it,” Bracknell said. “He came here to my work, wrote in his little notebook and away he went.”

Left to fend for themselves, some targets have been improvising their cybersecurity.

Retired Gen. Roger A. Brady, who was responsible for American nuclear weapons in Europe as part of his past role as commander of the U.S. Air Force there, turned to Apple support this year when he noticed something suspicious on his computer. Hughes, a former DIA head, said he had his hard drive replaced by the “Geek Squad” at a Best Buy in Florida after his machine began behaving strangely. Keller, the former senior spy satellite official, said it was his son who told him his emails had been posted to the web after getting a Google alert in June 2016.

A former U.S. ambassador to Russia, Michael McFaul, who like many others was repeatedly targeted by Fancy Bear but has yet to receive any warning from the FBI, said the lackluster response risked something worse than last year’s parade of leaks.

“Our government needs to be taking greater responsibility to defend its citizens in both the physical and cyber worlds, now, before a cyberattack produces an even more catastrophic outcome than we have already experienced,” McFaul said. Read the full article here.


***

Every organization has a Chief Technology Officer; even a small business has a ‘go-to’ person for issues. To be in denial that there are any vulnerabilities is reckless and dangerous. To assume systems are adequately protected against cyber intrusions is also a dereliction of duty.

Fancy Bear is listed as APT 28. APT=Advanced Persistent Threat.

APT28 made at least two attempts to compromise Eastern European government organizations:

In a late 2013 incident, a FireEye device deployed at an Eastern European Ministry of Foreign Affairs detected APT28 malware in the client’s network.

More recently, in August 2014 APT28 used a lure (Figure 3) about hostilities surrounding a Malaysia Airlines flight downed in Ukraine in a probable attempt to compromise the Polish government. A SOURFACE sample employed in the same Malaysia Airlines lure was referenced by a Polish computer security company in a blog post. The Polish security company indicated that the sample was “sent to the government,” presumably the Polish government, given the company’s locations and visibility.

Additionally:

Other probable APT28 targets that we have identified:
Norwegian Army (Forsvaret)
Government of Mexico
Chilean Military
Pakistani Navy
U.S. Defense Contractors
European Embassy in Iraq
Special Operations Forces Exhibition (SOFEX) in Jordan
Defense Attaches in East Asia
Asia-Pacific Economic Cooperation

There is also NATO, the World Bank and military trade shows. Pure and simple, it is industrial espionage.

MALWARE

Evolves and Maintains Tools for Continued, Long-Term Use:
Uses malware with flexible and lasting platforms
Constantly evolves malware samples for continued use
Malware is tailored to specific victims’ environments, and is designed to hamper reverse engineering efforts
Development in a formal code development environment

Various Data Theft Techniques:
Backdoors using HTTP protocol
Backdoors using victim mail server
Local copying to defeat closed/air gapped networks

TARGETING

Georgia and the Caucasus:
Ministry of Internal Affairs
Ministry of Defense
Journalist writing on Caucasus issues
Kavkaz Center

Eastern European Governments & Militaries:
Polish Government
Hungarian Government
Ministry of Foreign Affairs in Eastern Europe
Baltic Host exercises

Security-related Organizations:
NATO
OSCE
Defense attaches
Defense events and exhibitions

RUSSIAN ATTRIBUTES

Russian Language Indicators:
Consistent use of Russian language in malware over a period of six years
Lure to journalist writing on Caucasus issues suggests APT28 understands both Russian and English

Malware Compile Times Correspond to Work Day in Moscow’s Time Zone:
Consistent among APT28 samples with compile times from 2007 to 2014
The compile times align with the standard workday in the UTC + 4 time zone which includes major Russian cities such as Moscow and St. Petersburg
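
The compile-time indicator listed above is something an analyst can check on a sample set. The following Python is an added example, not code from FireEye or from this page: it reads the COFF TimeDateStamp out of each PE header and scores every UTC offset by how many timestamps fall in a weekday 08:00-18:00 window. The sample headers, the window and all function names are assumptions constructed for the illustration.

```python
import struct
from datetime import datetime, timedelta, timezone


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def compile_times(images):
    """Extract the compile time of every image in an iterable of byte strings."""
    return [pe_compile_time(img) for img in images]


def workday_fraction(times, utc_offset_hours, start=8, end=18):
    """Fraction of timestamps landing Mon-Fri, start <= hour < end, at this offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for t in times:
        local = t.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(times)


def best_offsets(times, top=3):
    """Rank whole-hour UTC offsets (-12..+14) by workday fit, best first."""
    scores = [(workday_fraction(times, off), off) for off in range(-12, 15)]
    scores.sort(key=lambda s: (-s[0], s[1]))
    return scores[:top]


def constructed_stub(when: datetime) -> bytes:
    """Build a minimal MZ + PE/COFF header carrying `when` (constructed test data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, int(when.timestamp()))
    return bytes(dos) + coff


# Constructed sample set: nine builds during a UTC+4 workday plus one
# Saturday-night outlier. These are NOT real malware timestamps.
UTC4 = timezone(timedelta(hours=4))
MONDAY = datetime(2013, 3, 4, tzinfo=UTC4)
LOCAL_BUILDS = [  # (days after MONDAY, local hour, minute)
    (0, 9, 12), (1, 10, 40), (2, 11, 5), (3, 13, 30), (4, 14, 55),
    (7, 15, 20), (8, 16, 45), (9, 17, 10), (10, 8, 50), (5, 23, 0),
]
SAMPLES = [
    constructed_stub(MONDAY + timedelta(days=d, hours=h, minutes=m))
    for d, h, m in LOCAL_BUILDS
]

if __name__ == "__main__":
    # TimeDateStamp is written by the linker and can be altered afterwards,
    # so the ranking is one weak signal to weigh alongside other evidence.
    for score, off in best_offsets(compile_times(SAMPLES)):
        print(f"UTC{off:+d}: {score:.0%} of builds inside the workday window")
```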
FireEye is a non-government, independent cyber agency that has performed and continues to perform cyber investigations and attributions. There are others that do the same. To blame the FBI exclusively for a lack of warnings is unfair.
Hacking was especially common during the Obama administration, and countless hearings have been held on The Hill, yet there is still no cyber policy, legislation or real consequence. Remember too, it was the Obama administration that chose to do nothing with regard to Russia’s interference until after the election in November, and only in December did Obama expel several Russians who were part of diplomatic operations and those possibly working under cover, including shuttering two dachas and one mission post in San Francisco.