into the Clinton Campaign, DNC, and DCCC: Military Units 26165 and 74455.110 Military Unit 26165 is
a GRU cyber unit dedicated to targeting military, political, governmental, and non-governmental organizations
outside of Russia, including in the United States.111 The unit was sub-divided into departments with
sitting in the Western District of Pennsylvania returned an indictment charging certain members of Unit
26165 with hacking the US.
74455 is a related GRU unit with multiple departments that engaged in cyber operations.
Unit 74455 assisted in the release of documents stolen by Unit 26165, the promotion of those releases,
and the publication of anti-Clinton content on social media accounts operated by the GRU.
26165 used _to learn about Investigative Technique different Democratic websites, including democrats.or
Between March 10, 2016 and March 15, 2016, Unit 26165 appears to have sent approximately 90 spearphishing
Initial Access By no later than April 12, 2016, the GRU had gained access to the DCCC computer network
(VPN) connection120 between the DCCC and DNC networks.121 Between April 18, 2016 and June 8, 2016, Unit
26165 compromised more than 30 computers on the DNC network, including the DNC mail server and shared
Implantation of Malware on DCCC and DNC Networks Unit 26165 implanted on the DCCC and DNC networks two
X-Agent was a multi-function hacking tool that allowed Unit 26165 to log keystrokes, take screenshots
Department of Justice To operate X-Agent and X-Tunnel on the DCCC and DNC networks, Unit 26165
computers, known by the GRU as “middle servers,” sent and received messages to and from malware on
by the GRU as an “AMS Panel.”
The AMS Panel served as a nerve center through which GRU officers monitored and directed the malware
In connection with these intrusions, the GRU
These sessions were captured as GRU officers monitored DCCC and DNC employees’ work on infected computers
Theft of Documents from DNC and DCCC Networks Officers from Unit 26165 stole thousands of documents
, fundraising data, opposition research, and emails from the work inboxes of DNC employees.130 The GRU
On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe
On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers.
Attorney Work Product Unit 26165 officers appear to have stolen thousands of emails and attachments,
The GRU carried out the anonymous release through two fictitious online personas that it created: DCLeaks
The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered
the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the
Starting in June 2016, the GRU posted stolen documents onto the website dcleaks.com, including documents
That same day, June 15, 2016, the GRU also used
Beginning in late June 2016, the GRU also used the Guccifer 2.0 persona to release documents directly
and link to a locked portion of the dcleaks.com website that contained an archive of emails stolen by Unit
26165 from a Clinton Campaign volunteer in March 2016.149 That the Guccifer 2.0 persona provided reporters
indicate that both personas were operated by the same or a closely-related group of people.150 The GRU
2.0, and WikiLeaks, GRU officers continued to target and hack victims linked to the Democratic campaign
Summer and Fall 2016 Operations Targeting Democrat-Linked Victims On July 27, 2016, Unit 26165 targeted
After candidate Trump’s remarks, Unit 26165 created and sent malicious links targeting 15 email accounts
It is unclear how the GRU was able to identify these email accounts, which were not public.184 Unit
26165 officers also hacked into a DNC account, hosted on a cloud-computing service On September 20, 2016
Unit 74455 also sent spearphishing emails to public officials involved in election administration and
In August 2016, GRU officers targeted employees of , a voting technology company that developed software
Similarly, in November 2016, the GRU sent spearphishing emails to over 120 email accounts used by Florida
attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU
We understand the FBI believes that this operation enabled the GRU to gain access to the network of at
Petersburg International Economic Forum Tatneft Transatlantic Parliamentary Group on Counterterrorism Unit
26165 (GRU) Unit 74455 (GRU) Valdai Discussion Club WikiLeaks Russia-based nonprofit established
GRU military cyber unit dedicated to targeting military, political, governmental, and non-governmental
GRU military unit with multiple departments that engaged in cyber operations.
Released data stolen by the GRU during the 2016 U.S. presidential election.
We have run image and text processing on all 448 pages of the original Mueller Report PDF image to make it searchable. Text translations are not guaranteed to be 100% accurate. Original images and PDFs are included on every page for reference.
The Mueller Report is one of the most important documents in American history. We've made attempts to make the document more accessible, interesting and available for the average reader.