Russian Government Hacking Groups Often Work Alone

Uploaded on 2019-10-04 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW

The Russian government has fostered competition among three of its agencies, which operate independently from one another and compete for funds. These Russian-attributed actors are part of a larger picture in which Russia is one of the strongest powers in cyber warfare today. 

Like a number of other countries Russia is known to conduct a wide range of cyber espionage and sabotage operations and it has been hacking and attacking for the last three decades. Their advanced tools, unique approaches, and solid infrastructures suggest enormous and complicated operations that involve different military and government entities inside Russia.

This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers. 

"Every actor or organisation under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks," researchers from Intezer told ZDNet.

"While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors."

These findings suggest that Russia's cyber-espionage apparatus is investing a lot of effort into its operational security.

"By avoiding different organisations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations......A research of such scale, to map code connections inside a whole ecosystem wasn't done before," Itay Cohen, a security researcher with Check Point told ZDNet.

"We didn't analyse the nature of each code since we are talking about thousands of samples.....We can say that the obvious clusters we see in our mapping can tell us that each organisation is working separately, at least in the technical aspect....
Some clusters, such as the one of ComRAT, Agent.BTZ, and Uroburos, represents an evolution of a malware family across the years."

The research team has launched a website with an interactive map for highlighting the connections between the Russian APT malware samples they analysed.

They also released a signature based tool to scan a host or a file against the most commonly re-used pieces of code by Russian APTs. This tool should help organisations detect if they've been infected by malware that has ties (shared code) with older strains of Russian APT malware.

ZDNet:        Intezer:      CheckPoint:

You Might Also Read:  

Rogue States Are Funding Stateless Hackers:

 

 

« New US Cyber Attacks On Iran
The Future Of Cyber Security Is AI »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Check Point SASE

Check Point SASE

Check Point SASE (formerly Perimeter 81) is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

TAG Cyber

TAG Cyber

TAG Cyber's mission is to provide world-class cyber security research, advisory, and consulting services to enterprise security teams around the world.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

RAD Security

RAD Security

RAD Security (formerly KSOC) is a cloud native security company that empowers engineering and security teams to drive innovation so they can focus on growth versus security problems.

Sourcepoint

Sourcepoint

Sourcepoint offers enterprise-grade privacy automation for complex, dynamic compliance challenges.