U.S. intelligence agencies cited Ukrainian malware as proof that the Russian government were responsible for cyber-attacks during the presidential election, according to a report from the WordPress security service Wordfence.
Following the official accusations from U.S. intelligence agencies against Russia, Wordfence performed an analysis on the malware sample provided by the intelligence agencies as proof that Russia were behind the cyber-attacks.
In a statement from the United States Computer Emergency Readiness Team (US-CERT), the agency said their malware analysis provided the “technical details regarding the tools and infrastructure used by Russian civilian and military intelligence services (RIS).”
Wordfence found that they were familiar with the malware cited by the U.S. government and found the website that makes it. The website claims that it is based in Ukraine, and has a Ukrainian timestamp at the bottom of the website.
However, it is possible that the malware site came from Crimea, which was annexed by Russian president Vladimir Putin in March 2014, after he moved Russian military forces into the region.
The conclusions of Wordfence are that the evidence provided by the U.S. intelligence community does not prove that Russia was responsible for the cyber-attacks. They point out that the malware used is old and is freely available to anyone who wishes to use it.
“Malware is an administrative tool used by hackers to upload files, view files on a hacked website, download database contents and so on. It is used as one step in a series of steps that would occur during an attack,” they said.
“Wordfence also analyzed the IP addresses available and demonstrated that they are in 61 countries, belong to over 380 organizations and many of those organizations are well known website hosting providers from where many attacks originate. There is nothing in the IP data that points to Russia specifically,” they stated.