Category:APT

Fireeye Says:

 * APT1
 * See also: wiki:Mandiant (2006-2013); wiki:China


 * APT28
 * Update prospectus, APT28: at the center of the storm, January 2017 (discusses tactics and other incidents; no hard new info).
 * See also, wiki: Fancy Bear.
 * APT29
 * See also, wiki: Cozy Bear.

Three Bears

 * Here, in Russ. Goldilocks and the Three Bears (Engl), almost identical to the Russian.

US sanctions, 'Obama says'

 * Issuance of Amended Executive Order 13694; Cyber-Related Sanctions Designations -US Treasury, December 29, 2016
 * FACT SHEET: Actions in Response to Russian Malicious Cyber Activity and Harassment -The White House, Office of the Press Secretary, December 29, 2016

Media

 * Two Russian Compounds, Caught Up in History’s Echoes -The New York Times, December 29, 2016
 * The luxurious, 45-acre compound in Maryland being shut down for alleged Russian espionage - Washington Post, December 29, 2016
 * White House announces retaliation against Russia: Sanctions, ejecting diplomats -CNN, December 30, 2016
 * ''Russia's first visible action came later Thursday, when Russian authorities ordered the closure of the Anglo-American School of Moscow (??-not confirmed), a US official briefed on the matter said. The order from the Russian government closes the school, which serves children of US, British and Canadian embassy personnel, to US and foreign nationals. The order also closes access to the US embassy vacation house in Serebryany Bor, near Moscow.
 * Russian Embassy in UK responds to sanctions with 'lame duck tweet' -The Independent, December 29, 2016

FBI says
GRIZZLY STEPPE – Russian Malicious Cyber Activity, National Cybersecurity and Communications Integration Center, FBI, Dec. 29 (spotted on Dec 30), 2016.

Commentary
No idea. (Rs).

Wordfence

 * US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware - Mark Maunder, Wordfence, December 30, 2016
 * See also: DNC Leak

Crowdstrike

 * Bears in the Midst: Intrusion into the Democratic National Committee, Dmitri Alperovitch, crowdstrike.com, June 15, 2016
 * Thought-leader Alperovich provides some evidence that Fancy/Cozy Bears were on the system; but next to nothing on evidence on what they have done while in there. He gives some not very interesting short piece of code which is doing some encrypted input-output, and tells that this loads other stuff which is executed in memory, which could potentially do anything, but he can't really say what exactly was done. He writes about emails  and stealing only in terms of those APTs tactics generalities, without telling how he knows, or even whether it was done at all in this particular case.
 * The FBI Never Asked For Access To Hacked Computer Servers - Buzzfeed, January 4, 2017
 * DNC ‘Russian Hacking’ Conclusion Comes from Google-Linked Firm -Breitbart, January 6, 2017
 * Cyber Firm at Center of Russian Hacking Charges Misread Data, Voice of America, March 21, 2017
 * An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election.

Public hearings

 * Foreign Cyber Threats to the United States - US Senate Committee hearing, January 5, 2017

Westerners interview 'Guccifer 2.0'

 * Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0', by Lorenzo Franceschi-Bicchierai, motherboard.vice.com, June 21, 2016
 * Conversations with a hacker: What Guccifer 2.0 told me, by Mike Wendling, BBC Trending, 14 January 2017

Shadow Brokers

 * Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core - Scott Shane, Nicole Perlroth and David E. Sangernov, The New York Times, November 12, 2017
 * (with a promotional link to Shadow Brokers 'October price adjustment').