The Department of Homeland Security and Federal Bureau of Investigation are releasing a Joint Analysis Report (JAR) that contains declassified technical information on Russian civilian and military intelligence services’ malicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.
- The JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that makes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this infrastructure, in other cases, this information is newly declassified by the U.S. government.
- The report also includes data that enables cyber security firms and other network defenders to identify certain malware that the Russian intelligence services use. Network defenders can use this information to identify and block Russian malware, forcing the Russian intelligence services to re-engineer their malware. This information is newly de-classified.
- Finally, the JAR includes information on how Russian intelligence services typically conduct their activities. This information can help network defenders better identify new tactics or techniques that a malicious actor might deploy or detect and disrupt an ongoing intrusion.
The Obama Administration stated today that cyber threats pose one of the most serious economic and national security challenges the United States faces today. For the last eight years, this Administration has pursued a comprehensive strategy to confront these threats. And as we have demonstrated by these actions today, we intend to continue to employ the full range of authorities and tools, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to counter the threat posed by malicious cyber actors, regardless of their country of origin, to protect the national security of the United States.
Annex to Executive Order — Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities
- Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU); Moscow, Russia
- Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB); Moscow, Russia
- Special Technology Center (a.k.a. STLC, Ltd. Special Technology Center St. Petersburg); St. Petersburg, Russia
- Zorsecurity (a.k.a. Esage Lab); Moscow, Russia
- Autonomous Noncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a. ANO PO KSI); Moscow, Russia
- Igor Valentinovich Korobov; DOB Aug 3, 1956; nationality, Russian
- Sergey Aleksandrovich Gizunov; DOB Oct 18, 1956; nationality, Russian
- Igor Olegovich Kostyukov; DOB Feb 21, 1961; nationality, Russian
- Vladimir Stepanovich Alexseyev; DOB Apr 24, 1961; nationality, Russian