{
	"id": "c892d555-74a8-442f-a3fb-fbc8bd26afc5",
	"created_at": "2026-04-06T00:16:51.645703Z",
	"updated_at": "2026-04-10T03:21:09.566738Z",
	"deleted_at": null,
	"sha1_hash": "052c8c9318492f5898b76b08204d6b5a76512d5a",
	"title": "FACT SHEET: Actions in Response to Russian Malicious Cyber Activity and Harassment",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46064,
	"plain_text": "FACT SHEET: Actions in Response to Russian Malicious Cyber\r\nActivity and Harassment\r\nPublished: 2016-12-29 · Archived: 2026-04-05 17:38:48 UTC\r\nToday, President Obama authorized a number of actions in response to the Russian government’s aggressive\r\nharassment of U.S. officials and cyber operations aimed at the U.S. election in 2016.  Russia’s cyber activities\r\nwere intended to influence the election, erode faith in U.S. democratic institutions, sow doubt about the integrity\r\nof our electoral process, and undermine confidence in the institutions of the U.S. government.  These actions are\r\nunacceptable and will not be tolerated.\r\nSanctioning Malicious Russian Cyber Activity\r\nIn response to the threat to U.S. national security posed by Russian interference in our elections, the President has\r\napproved an amendment to Executive Order 13964.  As originally issued in April 2015, this Executive Order\r\ncreated a new, targeted authority for the U.S. government to respond more effectively to the most significant of\r\ncyber threats, particularly in situations where malicious cyber actors operate beyond the reach of existing\r\nauthorities.  
The original Executive Order focused on cyber-enabled malicious activities that:\r\nHarm or significantly compromise the provision of services by entities in a critical infrastructure sector;\r\nSignificantly disrupt the availability of a computer or network of computers (for example, through a\r\ndistributed denial-of-service attack); or\r\nCause a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or\r\nfinancial information for commercial or competitive advantage or private financial gain (for example, by\r\nstealing large quantities of credit card information, trade secrets, or sensitive information).\r\nThe increasing use of cyber-enabled means to undermine democratic processes at home and abroad, as\r\nexemplified by Russia’s recent activities, has made clear that a tool explicitly targeting attempts to interfere with\r\nelections is also warranted.  As such, the President has approved amending Executive Order 13964 to authorize\r\nsanctions on those who: \r\nTamper with, alter, or cause a misappropriation of information with the purpose or effect of interfering with\r\nor undermining election processes or institutions.\r\nUsing this new authority, the President has sanctioned nine entities and individuals:  two Russian intelligence\r\nservices (the GRU and the FSB); four individual officers of the GRU; and three companies that provided material\r\nsupport to the GRU’s cyber operations. \r\nThe Main Intelligence Directorate (a.k.a. Glavnoe Razvedyvatel’noe Upravlenie) (a.k.a. GRU) is involved\r\nin external collection using human intelligence officers and a variety of technical tools, and is designated\r\nfor tampering, altering, or causing a misappropriation of information with the purpose or effect of\r\ninterfering with the 2016 U.S. 
election processes.\r\nhttps://obamawhitehouse.archives.gov/the-press-office/2016/12/29/fact-sheet-actions-response-russian-malicious-cyber-activity-and\r\nPage 1 of 3\n\nThe Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in\r\nconducting the activities described above.\r\nThe three other entities include the Special Technology Center (a.k.a. STLC, Ltd. Special Technology\r\nCenter St. Petersburg) assisted the GRU in conducting signals intelligence operations; Zorsecurity (a.k.a.\r\nEsage Lab) provided the GRU with technical research and development; and the Autonomous\r\nNoncommercial Organization “Professional Association of Designers of Data Processing Systems” (a.k.a.\r\nANO PO KSI) provided specialized training to the GRU.\r\nSanctioned individuals include Igor Valentinovich Korobov, the current Chief of the GRU; Sergey\r\nAleksandrovich Gizunov, Deputy Chief of the GRU; Igor Olegovich Kostyukov, a First Deputy Chief of\r\nthe GRU; and Vladimir Stepanovich Alexseyev, also a First Deputy Chief of the GRU.\r\nIn addition, the Department of the Treasury is designating two Russian individuals, Evgeniy Bogachev and\r\nAleksey Belan, under a pre-existing portion of the Executive Order for using cyber-enabled means to cause\r\nmisappropriation of funds and personal identifying information. \r\nEvgeniy Mikhailovich Bogachev is designated today for having engaged in significant malicious cyber-enabled misappropriation of financial information for private financial gain.  Bogachev and his\r\ncybercriminal associates are responsible for the theft of over $100 million from U.S. financial institutions,\r\nFortune 500 firms, universities, and government agencies.\r\nAleksey Alekseyevich Belan engaged in the significant malicious cyber-enabled misappropriation of\r\npersonal identifiers for private financial gain.  Belan compromised the computer networks of at least three\r\nmajor United States-based e-commerce companies. 
\r\nResponding to Russian Harassment of U.S. Personnel\r\nOver the past two years, harassment of our diplomatic personnel in Russia by security personnel and police has\r\nincreased significantly and gone far beyond international diplomatic norms of behavior.  Other Western Embassies\r\nhave reported similar concerns.  In response to this harassment, the President has authorized the following actions:\r\nToday the State Department declared 35 Russian government officials from the Russian Embassy in\r\nWashington and the Russian Consulate in San Francisco “persona non grata.”  They were acting in a\r\nmanner inconsistent with their diplomatic status. Those individuals and their families were given 72 hours\r\nto leave the United States.\r\nIn addition to this action, the Department of State has provided notice that as of noon on Friday, December\r\n30, Russian access will be denied to two Russian government-owned compounds, one in Maryland and one\r\nin New York.\r\nRaising Awareness About Russian Malicious Cyber Activity\r\nThe Department of Homeland Security and Federal Bureau of Investigation are releasing a Joint Analysis Report\r\n(JAR) that contains declassified technical information on Russian civilian and military intelligence services’\r\nmalicious cyber activity, to better help network defenders in the United States and abroad identify, detect, and\r\ndisrupt Russia’s global campaign of malicious cyber activities.\r\nThe JAR includes information on computers around the world that Russian intelligence services have co-opted without the knowledge of their owners in order to conduct their malicious activity in a way that\r\nmakes it difficult to trace back to Russia. In some cases, the cybersecurity community was aware of this\r\ninfrastructure, in other cases, this information is newly declassified by the U.S. 
government.\r\nThe report also includes data that enables cybersecurity firms and other network defenders to identify\r\ncertain malware that the Russian intelligence services use.  Network defenders can use this information to\r\nidentify and block Russian malware, forcing the Russian intelligence services to re-engineer their\r\nmalware.  This information is newly de-classified.\r\nFinally, the JAR includes information on how Russian intelligence services typically conduct their\r\nactivities.  This information can help network defenders better identify new tactics or techniques that a\r\nmalicious actor might deploy or detect and disrupt an ongoing intrusion.\r\nThis information will allow network defenders to take specific steps that can often block new activity or disrupt\r\non-going intrusions by Russian intelligence services.  DHS and FBI are encouraging security companies and\r\nprivate sector owners and operators to use this JAR and look back within their network traffic for signs of\r\nmalicious activity. DHS and FBI are also encouraging security companies and private sector owners and operators\r\nto leverage these indicators in proactive defense efforts to block malicious cyber activity before it occurs. DHS\r\nhas already added these indicators to their Automated Indicator Sharing service.\r\nCyber threats pose one of the most serious economic and national security challenges the United States faces\r\ntoday.  For the last eight years, this Administration has pursued a comprehensive strategy to confront these\r\nthreats.  
And as we have demonstrated by these actions today, we intend to continue to employ the full range of\r\nauthorities and tools, including diplomatic engagement, trade policy tools, and law enforcement mechanisms, to\r\ncounter the threat posed by malicious cyber actors, regardless of their country of origin, to protect the national\r\nsecurity of the United States.\r\nSource: https://obamawhitehouse.archives.gov/the-press-office/2016/12/29/fact-sheet-actions-response-russian-malicious-cyber-activity-and",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://obamawhitehouse.archives.gov/the-press-office/2016/12/29/fact-sheet-actions-response-russian-malicious-cyber-activity-and"
	],
	"report_names": [
		"fact-sheet-actions-response-russian-malicious-cyber-activity-and"
	],
	"threat_actors": [],
	"ts_created_at": 1775434611,
	"ts_updated_at": 1775791269,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/052c8c9318492f5898b76b08204d6b5a76512d5a.pdf",
		"text": "https://archive.orkl.eu/052c8c9318492f5898b76b08204d6b5a76512d5a.txt",
		"img": "https://archive.orkl.eu/052c8c9318492f5898b76b08204d6b5a76512d5a.jpg"
	}
}