Russian Government Hacking Groups Often Work Alone

The Russian government has fostered competition among three of its agencies, which operate independently from one another and compete for funds. These Russian-attributed actors are part of a larger picture in which Russia is one of the strongest powers in cyber warfare today. 

Like a number of other countries, Russia is known to conduct a wide range of cyber espionage and sabotage operations, and it has been hacking and attacking for the last three decades. Its advanced tools, unique approaches, and solid infrastructure point to large and complex operations involving different military and government entities inside Russia.

This competition, in turn, has resulted in each group developing and hoarding its own tools rather than sharing toolkits with its counterparts, whereas tool sharing is common among Chinese and North Korean state-sponsored hackers.

"Every actor or organisation under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks," researchers from Intezer told ZDNet.

"While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors."

These findings suggest that Russia's cyber-espionage apparatus is investing a lot of effort into its operational security.

"By avoiding different organisations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations... Research of such scale, to map code connections inside a whole ecosystem, wasn't done before," Itay Cohen, a security researcher with Check Point, told ZDNet.

"We didn't analyse the nature of each code since we are talking about thousands of samples... We can say that the obvious clusters we see in our mapping can tell us that each organisation is working separately, at least in the technical aspect... Some clusters, such as the one of ComRAT, Agent.BTZ, and Uroburos, represent an evolution of a malware family across the years."

The research team has launched a website with an interactive map for highlighting the connections between the Russian APT malware samples they analysed.

They also released a signature-based tool to scan a host or a file against the pieces of code most commonly re-used by Russian APTs. This tool should help organisations detect whether they have been infected by malware that shares code with older strains of Russian APT malware.
