GRU Units Target the Clinton Campaign Two military units of the GRU carried out the computer intrusions
into the Clinton Campaign, DNC, and DCCC: Military Units 26165 and 74455.110 Military Unit 26165 is
a GRU cyber unit dedicated to targeting military, political, governmental, and non-governmental organizations
outside of Russia, including in the United States.111 The unit was sub-divided into departments with
sitting in the Western District of Pennsylvania returned an indictment charging certain members of Unit
secure bitcoins used to purchase computer infrastructure used in hacking operations.113 Military Unit
7445 5 is a related GRU unit with multiple departments that engaged in cyber operations.
Unit 74455 assisted in the release of documents stolen by Unit 26165, the promotion of those releases
, and the publication of anti-Clinton content on social media accounts operated by the GRU.
Officers from Unit 74455 separately hacked computers belonging to state boards of elections, secretaries
Initial Access By no later than April 12, 2016, the GRU had gained access to the DCCC computer network
Over the ensuing weeks, the GRU traversed the network, identifying different computers connected to the
(VPN) connection120 between the DCCC and DNC networks.121 Between April 18, 2016 and June 8, 2016, Unit
Implantation of Malware on DCCC and DNC Networks Unit 26165 implanted on the DCCC and DNC networks two
X-Agent was a multi-function hacking tool that allowed Unit 26165 to log keystrokes, take screenshots
Department of Justice To operate X-Agent and X-T‘unnel on the DCCC and DNC networks, Unit 26165
computers, known by the GRU as “middle servers,” ] sent and received messages to and from malware on
by the GRU as an “AMS Panel.”
The AMS Panel— served as a nerve center through which GRU officers monitored and directed the malware
investigative Technique Investigative Technique ”6 In connection with these intrusions, the GRU
These sessions were captured as GRU officers monitored DCCC and DNC employees’ work on infected computers
T heft of Documents from DNC and DCCC Networks Officers from Unit 26165 stole thousands of documents
, fundraising data, opposition research, and emails from the work inboxes of DNC employees.130 The GRU
On April 14, 2016 (approximately three days after the initial intrusion) GRU officers downloaded rar.exe
On April 22, 2016, the GRU copied files from the DNC network to GRU-controlled computers.
Attemey—Werk—Preduetfl Unit 26165 officers appear to have stolen thousands of emails and attachments,
The GRU carried out the anonymous release through two fictitious online personas that it createdeCLeaks
km The GRU began planning the releases at least as early as April 19, 2016, when Unit 26165 registered
the domain dcleaks.com through a service that anonymized the registrant.137 Unit 26165 paid for the
Starting in June 2016, the GRU posted stolen documents onto the website dcleakscom, including documents
Department of Justice GRU officers operated a Facebook page under the DCLeaks moniker, which they
Facebook accounts.142 GRU officers also used the DCLeaks Facebook account, the Twitter account @dcleaks
GRU officers using the DCLeaks persona gave certain reporters early access to archives of leaked files
For example, on July 14, 2016, GRU officers operating under the DCLeaks persona sent a link and password
server used and managed by Unit 74455 and searched for a number of specific words and phrases in English
2.0, and WikiLeaks, GRU officers continued to target and back victims linked to the Democratic campaign
Summer and Fall 2016 Operations Targeting Democrat-Linked Victims On July 27 2016 Unit 26165 targeted
Within approximately five hours of Trump’s statement, GRU officers targeted for the first time Clinton’
After candidate Trump’s remarks Unit 26165 created and sent malicious links targeting 15 email accounts
It is unclear how the GRU was able to identify these email accounts, which were not public.184 Unit
Unit 74455 also sent spearphishing emails to public officials involved in election administration and
In August 2016, GRU officers targeted employees of , a voting technology company that developed software
Similarly, in November 2016, the GRU sent spearphishing emails to over 120 email accounts used by Florida
attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU
We understand the FBI believes that this operation enabled the GRU to gain access to the network of at
Petersburg International Economic Forum Tatneft Transatlantic Parliamentary Group on Counterterrorism Unit
26165 (GRU‘) Unit 74455 (GRU) Valdai Discussion Club WikiLeaks Russia-based nonprofit established
GRU military cyber unit dedicated to targeting military, political, governmental, and non-governmental
GRU military unit with multiple departments that engaged in cyber operations.
Released data stolen by the GRU during the 2016 US. presidential election. B—l3
We have run image and text processing on the all 448 pages of the original Mueller Report PDF Image to make it searchable. Text translations are not guaranteed to be 100% accurate. Original Images and PDF's are included on every page for reference.
The Mueller Report is one of the most important documents in American History. We've made attempts to make the document more accessible, interesting and available for the average reader.