With the hearings on Russia going on earlier comments by CrowdStrike are extremely suspect.
CrowdStrike is not sure how the hackers got in. The firm suspects they may have targeted DNC employees with “spearphishing” emails. These are communications that appear legitimate — often made to look like they came from a colleague or someone trusted — but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer. “But we don’t have hard evidence,” Alperovitch said.
Hold on. So you’re not sure how they got in, you believe it’s by spearphishing campaigns but you don’t have hard evidence? Seeing as CrowdStrike were the only ones who examined the DNC servers, they are the only ones who would have been able to find any evidence of such a breach but they claim not to have any hard evidence. That being said if the only people who could have found evidence didn’t come up with any then why did the government release the Grizzly Steppe report specifically citing spearphishing as the method of infiltration when there’s no hard evidence ?
Russia’s civilian and military intelligence services engaged in aggressive and sophisticated cyber-enabled operations targeting the U.S. government and its citizens. The U.S. Government refers to this activity as GRIZZLY STEPPE. These cyber operations included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations. This stolen information was later publicly released by third parties.
Is it maybe because Grizzly Steppe has this disclaimer at the top basically saying none of this carries weight
So the CrowdStrike report has no hard evidence and Grizzly Steppe is based off of that report. Together they are the complete basis for the Russian hacking theory and we’ve just seen that there’s no evidence for any of it.