Russian Government Hacking Groups Often Work Alone

Uploaded on 2019-10-04 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW

The Russian government has fostered competition among three of its agencies, which operate independently from one another and compete for funds. These Russian-attributed actors are part of a larger picture in which Russia is one of the strongest powers in cyber warfare today. 

Like a number of other countries Russia is known to conduct a wide range of cyber espionage and sabotage operations and it has been hacking and attacking for the last three decades. Their advanced tools, unique approaches, and solid infrastructures suggest enormous and complicated operations that involve different military and government entities inside Russia.

This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers. 

"Every actor or organisation under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks," researchers from Intezer told ZDNet.

"While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors."

These findings suggest that Russia's cyber-espionage apparatus is investing a lot of effort into its operational security.

"By avoiding different organisations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations......A research of such scale, to map code connections inside a whole ecosystem wasn't done before," Itay Cohen, a security researcher with Check Point told ZDNet.

"We didn't analyse the nature of each code since we are talking about thousands of samples.....We can say that the obvious clusters we see in our mapping can tell us that each organisation is working separately, at least in the technical aspect....
Some clusters, such as the one of ComRAT, Agent.BTZ, and Uroburos, represents an evolution of a malware family across the years."

The research team has launched a website with an interactive map for highlighting the connections between the Russian APT malware samples they analysed.

They also released a signature based tool to scan a host or a file against the most commonly re-used pieces of code by Russian APTs. This tool should help organisations detect if they've been infected by malware that has ties (shared code) with older strains of Russian APT malware.

ZDNet:        Intezer:      CheckPoint:

You Might Also Read:  

Rogue States Are Funding Stateless Hackers:

 

 

« New US Cyber Attacks On Iran
The Future Of Cyber Security Is AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

Protergo Cyber Security

Protergo Cyber Security

Protergo Cyber Security is the first integrated provider of cybersecurity solutions in Indonesia. We proactively protect our clients from cyber threats.

Cyscale

Cyscale

Cyscale automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

EVOKE

EVOKE

EVOKE is an award-winning Digital Transformation company that partners with its clients to build digital workplace solutions for organizational challenges.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

Prism Infosec

Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy, CREST STAR, NCSC CHECK member, CAA ASSURE audit provider and PCI Qualified Security Assessor.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.

Northern Computer

Northern Computer

Northern Computer provides comprehensive IT solutions that streamline your operations and help you achieve your business goals.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.

Instil Software

Instil Software

Instil helps technology brands transform, innovate and disrupt their markets with category-defining software products that challenge us to think, feel and act in new ways.