Guccifer 2.0, the DNC Hack, and FANCY BEARS, Oh My!

The ThreatConnect Research Team is an elite group of globally acknowledged cyber intelligence experts dedicated to tracking down existing and emerging cyber threats. They share their findings so that you can protect your organization and your team can take precise action against threats. Last but not least, they raise the water for everyone by educating the public on their tradecraft, building applications to make the work easier in the TC Apps Lab, and supporting educational institutions like SANS that are training the next generation of experts.

Recently, the ThreatConnect Research team has been exploring the breaches of the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) and has posted its findings in a series of blog posts. Follow the breadcrumbs left by Guccifer 2.0 and the pawprints from COZY and FANCY BEAR to uncover what's really going on.

FANCY BEAR


Let’s Get Fancy

October 18, 2016

See how the ThreatConnect Research team used the Platform to investigate incidents, identify intelligence and conduct pertinent analysis regarding FANCY BEAR.


Belling the BEAR

September 28, 2016

ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation.


Can a BEAR Fit Down a Rabbit Hole?

September 2, 2016

ThreatConnect Identifies Infrastructure Nexus Between Attacks Against State Election Boards and Spearphishing Campaign Against Turkish, Ukrainian Governments.


Does a BEAR Leak in the Woods?

August 12, 2016

ThreatConnect identifies DCLeaks as another Russian-backed influence outlet.


FANCY BEAR Has an (IT) Itch that They Can’t Scratch

July 29, 2016

ThreatConnect and Fidelis team up to explore the Democratic Congressional Campaign Committee (DCCC) compromise.


Guccifer 2.0: All Roads Lead to Russia

July 26, 2016

ThreatConnect follows Guccifer 2.0’s French breadcrumbs back to a Russian VPN Service.


Guccifer 2.0: the Man, the Myth, the Legend?

July 20, 2016

ThreatConnect reassesses Guccifer 2.0’s claims in light of his recent public statements.


What’s in a Name… Server?

July 7, 2016

ThreatConnect expanded on the DNC breach research by looking at the name server hosting information for the misdepatrment[.]com spoofed domain.


The Shiny Object? Guccifer 2.0 and the DNC Breach

June 29, 2016

ThreatConnect challenges Guccifer 2.0’s claimed attribution for the Democratic National Committee (DNC) breach.


Rebooting Watergate: Tapping into the Democratic National Committee

June 17, 2016

ThreatConnect uses the CrowdStrike blog article as a basis for conducting further research into the DNC breach and identifies additional infrastructure.