In response to Russian “cyber operations aimed at the US election”, the White House earlier this week released a declassified joint analysis by the FBI and Department of Homeland Security of the campaign, which they have named “Grizzly Steppe”.
In the report, the agencies summarise the spear-phishing operation that allowed the Russian intelligence organisations known as “Cosy Bear” and “Fancy Bear” to independently access US Democratic Party emails, and recommend a series of measures to mitigate further attacks. Far more importantly, they list alternate names for the hacking groups, all of which are tight as hell.
Below is a list of “Reported Russian Military and Civilian Intelligence Services” aliases and tools contained in the report, ranked from most gnarly to least:
- CrouchingYeti
- SEADADDY
- Tiny Baron
- HAMMERTOSS
- SYNful Knock
- CosmicDuke
- Sandworm
- OLDBAIT
- Operation Pawn Storm
- SOURFACE
- OnionDuke
- EVILTOSS
- Powershell backdoor
- Skipper
- CakeDuke
- GREY CLOUD
- CHOPSTICK
- Havex
- Energetic Bear
- BlackEnergy V3
- DIONIS
- MiniDionis
- Fancy Bear
- Waterbug X-Agent
- COZYBEAR
- HammerDuke
- Dragonfly
- Quedagh
- Tsar Team
- COZYDUKE
- CloudDuke
- Seaduke
- MiniDuke
- PinchDuke
- GeminiDuke
- COZYCAR
- BlackEnergy2 APT
- CORESHELL
- Sofacy
- Agent.btz
- Carberp
- SEDKIT
- SEDNIT
- VmUpgradeHelper.exe
- twain_64.dll
- APT28
- APT29
Having elections undermined by some phony emails is bad enough. Knowing that a “Tiny Baron” sent them, however, is just plain embarrassing.