Russian Government Hacking Groups Often Work Alone

The Russian government has fostered competition among three of its agencies, which operate independently from one another and compete for funds. These Russian-attributed actors are part of a larger picture in which Russia is one of the strongest powers in cyber warfare today.

Like a number of other countries, Russia is known to conduct a wide range of cyber espionage and sabotage operations, and it has been hacking and attacking for the last three decades. Its advanced tools, unique approaches, and solid infrastructures suggest enormous and complicated operations that involve different military and government entities inside Russia.

This, in turn, has resulted in each group developing and hoarding its own tools rather than sharing toolkits with its counterparts, a common sight among Chinese and North Korean state-sponsored hackers.

"Every actor or organisation under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks," researchers from Intezer told ZDNet.

"While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors."

These findings suggest that Russia's cyber-espionage apparatus is investing a lot of effort into its operational security.

"By avoiding different organisations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations... A research of such scale, to map code connections inside a whole ecosystem wasn't done before," Itay Cohen, a security researcher with Check Point, told ZDNet.

"We didn't analyse the nature of each code since we are talking about thousands of samples... We can say that the obvious clusters we see in our mapping can tell us that each organisation is working separately, at least in the technical aspect... Some clusters, such as the one of ComRAT, Agent.BTZ, and Uroburos, represent an evolution of a malware family across the years."

The research team has launched a website with an interactive map for highlighting the connections between the Russian APT malware samples they analysed.

They also released a signature-based tool to scan a host or a file against the pieces of code most commonly re-used by Russian APTs. This tool should help organisations detect whether they have been infected by malware that shares code with older strains of Russian APT malware.
