The US Special Counsel's report on Russian interference in the 2016 Presidential election was released in redacted form yesterday, finding insufficient evidence of collusion (that is, conspiracy and coordination) between the Trump campaign and Russian intelligence services, and offering no recommendation on obstruction.
The Mueller Report's conclusions about Russian operations are unambiguous: the GRU's Unit 26165 did the hacking, and the Internet Research Agency managed the influence campaign. The Report also concluded that the GRU's Unit 74455 retailed the results of the doxing through its subsidiaries DCLeaks and Guccifer 2.0, and through a sympathetic WikiLeaks.
TechCrunch reviews how the GRU worked: spearphishing, followed by credential theft. Once inside targeted networks, the attackers used Mimikatz to harvest credentials. They used X-Agent for screenshots and keylogging, and X-Tunnel for data exfiltration. Middle servers were used to obfuscate the destination of the traffic. The discussion seems to be all about the GRU, Fancy Bear, with its FSB colleague Cozy Bear not earning a mention, unless it's buried obscurely in the report's 448 pages.
Iran's APT34, the hacking group also known as OilRig, is itself being doxed. A Telegram channel called "Read My Lips" is dumping the group's tools and some of its identities online. WIRED compares them to the ShadowBrokers. Whoever they are (neither disgruntled insiders, opposition groups, nor foreign intelligence services can be ruled out), their declared motive is exposing "this regime's real ugly face."
KrebsOnSecurity thinks the hackers behind the Wipro attack may be a criminal gang, not necessarily a nation-state.