Unit 26165 (GRU) in the Mueller Report - 33 Mentions

Page 44 of 448

See the full source

View Page 44

Page 44:

into the Clinton Campaign, DNC, and DCCC: Military Units 26165 and 74455.110 Military Unit 26165 is

a GRU cyber unit dedicated to targeting military, political, governmental, and non-governmental organizations

outside of Russia, including in the United States.111 The unit was sub-divided into departments with

sitting in the Western District of Pennsylvania returned an indictment charging certain members of Unit

26165 with hacking the US.

Page 45 of 448

See the full source

View Page 45

Page 45:

7445 5 is a related GRU unit with multiple departments that engaged in cyber operations.

Unit 74455 assisted in the release of documents stolen by Unit 26165, the promotion of those releases

, and the publication of anti-Clinton content on social media accounts operated by the GRU.

26165 used _to learn about Investigative Technique different Democratic websites, includin democrats.or

Between March 10, 2016 and March 15, 2016, Unit 26165 appears to have sent approximately 90 spearphishing

Page 46 of 448

See the full source

View Page 46

Page 46:

Initial Access By no later than April 12, 2016, the GRU had gained access to the DCCC computer network

(VPN) connection120 between the DCCC and DNC networks.121 Between April 18, 2016 and June 8, 2016, Unit

26165 compromised more than 30 computers on the DNC network, including the DNC mail server and shared

Implantation of Malware on DCCC and DNC Networks Unit 26165 implanted on the DCCC and DNC networks two

X-Agent was a multi-function hacking tool that allowed Unit 26165 to log keystrokes, take screenshots

Page 47 of 448

See the full source

View Page 47

Page 47:

Department of Justice To operate X-Agent and X-T‘unnel on the DCCC and DNC networks, Unit 26165

computers, known by the GRU as “middle servers,” ] sent and received messages to and from malware on

by the GRU as an “AMS Panel.”

The AMS Panel— served as a nerve center through which GRU officers monitored and directed the malware

investigative Technique Investigative Technique ”6 In connection with these intrusions, the GRU

Page 48 of 448

See the full source

View Page 48

Page 48:

These sessions were captured as GRU officers monitored DCCC and DNC employees’ work on infected computers

T heft of Documents from DNC and DCCC Networks Officers from Unit 26165 stole thousands of documents

, fundraising data, opposition research, and emails from the work inboxes of DNC employees.130 The GRU

On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe

On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers.

Page 49 of 448

See the full source

View Page 49

Page 49:

Attemey—Werk—Preduetfl Unit 26165 officers appear to have stolen thousands of emails and attachments,

The GRU carried out the anonymous release through two fictitious online personas that it createdeCLeaks

km The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered

the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the

Starting in June 2016, the GRU posted stolen documents onto the website dcleakscom, including documents

Page 51 of 448

See the full source

View Page 51

Page 51:

Department of Justice Afiemey—Werk—Pred-uefl/ w That same day, June 15, 2016, the GRU also used

Beginning in late June 2016, the GRU also used the Guccifer 2.0 persona to release documents directly

and link to a locked portion of the dcleaks.com website that contained an archive of emails stolen by Unit

26165 from a Clinton Campaign volunteer in March 2016.‘49 That the Guccifer 2.0 persona provided reporters

indicate that both personas were operated by the same or a closely-related group of people.”0 The GRU

Page 57 of 448

See the full source

View Page 57

Page 57:

2.0, and WikiLeaks, GRU officers continued to target and back victims linked to the Democratic campaign

Summer and Fall 2016 Operations Targeting Democrat-Linked Victims On July 27 2016 Unit 26165 targeted

After candidate Trump’s remarks Unit 26165 created and sent malicious links targeting 15 email accounts

It is unclear how the GRU was able to identify these email accounts, which were not public.184 Unit

26165 officers also hacked into a DNC account, hosted on a cloud—computing service On September 20, 2016

Page 59 of 448

See the full source

View Page 59

Page 59:

Unit 74455 also sent spearphishing emails to public officials involved in election administration and

In August 2016, GRU officers targeted employees of , a voting technology company that developed software

Similarly, in November 2016, the GRU sent spearphishing emails to over 120 email accounts used by Florida

attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU

We understand the FBI believes that this operation enabled the GRU to gain access to the network of at

Page 413 of 448

See the full source

View Page 413

Page 413:

Petersburg International Economic Forum Tatneft Transatlantic Parliamentary Group on Counterterrorism Unit

26165 (GRU‘) Unit 74455 (GRU) Valdai Discussion Club WikiLeaks Russia-based nonprofit established

GRU military cyber unit dedicated to targeting military, political, governmental, and non-governmental

GRU military unit with multiple departments that engaged in cyber operations.

Released data stolen by the GRU during the 2016 US. presidential election. B—l3


Where is this data from?

We have run image and text processing on the all 448 pages of the original Mueller Report PDF Image to make it searchable. Text translations are not guaranteed to be 100% accurate. Original Images and PDF's are included on every page for reference.

Why did you do this?

The Mueller Report is one of the most important documents in American History. We've made attempts to make the document more accessible, interesting and available for the average reader.

OPEN Mueller Report