Security expert Costin Raiu added that an apparent copy of the malware uploaded to a research repository also appeared to be a unique combination of existing hacking tools that had no obvious connections to known hacking teams. While that doesn’t definitively link the malware to Fancy Bear, it suggests the attack was relatively sophisticated.
The intruders used compromised logins to plant malware and get “persistent” access to systems on the agency’s network, using that to steal files.
US officials haven’t responded to requests for comment.
While it wouldn’t be shocking if Russia was behind the breach, it would still be worrying. It would indicate that Russia not only launched an assault on US government systems but also managed to grab substantial data. It’s just a question of whether or not the damage was severe enough to significantly hamper operations.