Russian Government Hacking Groups Often Work Alone

The Russian government has fostered competition among three of its agencies, which operate independently from one another and compete for funds. These Russian-attributed actors are part of a larger picture in which Russia is one of the strongest powers in cyber warfare today. 

Like a number of other countries Russia is known to conduct a wide range of cyber espionage and sabotage operations and it has been hacking and attacking for the last three decades. Their advanced tools, unique approaches, and solid infrastructures suggest enormous and complicated operations that involve different military and government entities inside Russia.

This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers. 

"Every actor or organisation under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks," researchers from Intezer told ZDNet.

"While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors."

These findings suggest that Russia's cyber-espionage apparatus is investing a lot of effort into its operational security.

"By avoiding different organisations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations......A research of such scale, to map code connections inside a whole ecosystem wasn't done before," Itay Cohen, a security researcher with Check Point told ZDNet.

"We didn't analyse the nature of each code since we are talking about thousands of samples.....We can say that the obvious clusters we see in our mapping can tell us that each organisation is working separately, at least in the technical aspect....
Some clusters, such as the one of ComRAT, Agent.BTZ, and Uroburos, represents an evolution of a malware family across the years."

The research team has launched a website with an interactive map for highlighting the connections between the Russian APT malware samples they analysed.

They also released a signature based tool to scan a host or a file against the most commonly re-used pieces of code by Russian APTs. This tool should help organisations detect if they've been infected by malware that has ties (shared code) with older strains of Russian APT malware.

ZDNet:        Intezer:      CheckPoint:

You Might Also Read:  

Rogue States Are Funding Stateless Hackers:

 

 

« New US Cyber Attacks On Iran
The Future Of Cyber Security Is AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

Araxxe

Araxxe

Araxxe delivers Revenue Assurance, End-to-End Billing Verification and Interconnect Fraud Detection solutions to communication companies worldwide.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.

SiyanoAV

SiyanoAV

SiyanoAV's range of antivirus products delivers strong protection against various cyber threats, including malware, ransomware, phishing schemes, and beyond.