Saturday, March 06, 2021

Exposing GRU's Involvement in U.S. Election Interference - 2016 - An OSINT Analysis

Dear blog readers,

Continuing the "FBI's Most Wanted Cybercriminals" series, I've decided to share some of the actionable intelligence that I have on GRU's involvement in the 2016 U.S. election interference, with the idea of assisting U.S. law enforcement and the U.S. Intelligence Community in tracking down and prosecuting the cybercriminals behind these campaigns.

In this post I'll share actionable intelligence, including an in-depth discussion of the tactics, techniques, and procedures of the cybercriminals behind these campaigns.

Sample personal emails involved in the campaign:

dirbinsaabol@mail.com

hi.mymail@yandex.com

Sample domains known to have been involved in the campaign:

Sample IPs known to have been involved in the campaign:

23.227.196.217

176.31.112.10

191.101.31.112

191.101.31.6

89.40.181.119

Sample names involved in the campaign:

Mike Long

Ward DeClaur

Daniel Farrell

Jason Scott

Richard Gingrey

Alice Donovan

Den Katenberg

Yuliana Martynova

Karen W. Millen

James McMorgans

Kate S. Milton

Stay tuned!
