Russian Hackers Posed as ISIS to Hack French TV Channel
Last April, the French television broadcaster TV5 Monde was hacked. The attack took its TV channels off the air as well as posted rogue content on its website and social feeds.
The perpetrators, purportedly, were part of an ISIS-linked hacking group called CyberCaliphate. Now, French authorities believe a group of Russian-sponsored hackers known as APT28 are behind the TV5Monde’s attack and framed the CyberCaliphate. Cybersecurity experts with knowledge of APT28 agree with this hunch.
APT28 has been around for quite some time and has been known to perform cyberespionage for the Russian government. The cybersecurity firm FireEye released a report about APT28’s operations in October of 2014, describing its source as coming from a "government sponsor based in Moscow.”"
That report was published over 6 months ago and FireEye has continued studying APT28’s operations. Laura Galante, FireEye’s director of threat intelligence, says it sees evidence of APT28 being behind the TV5 Monde hack. According to Galante, the infrastructure used to attack the broadcasting company was similar to APT28’s. Further, the website where CyberCaliphate took credit for the attack was register "in the same domain box where we’ve seen APT28 register other infrastructure," Galante said.
All the same, the French target appears a bit out of nature for the Russian hacking group. According to FireEye’s first report, APT28 generally targets "insider information related to governments, militaries, and security organizations that would likely benefit the Russian government."
More, the hacking group’s operations are generally in the name of espionage and not simply to wreak public havoc.
Galante agreed that this attack would be a "divergence" from APT 28’s usual tactics. At the same time, she told Business Insider that FireEye has seen "media or influencers being targeted" by these groups.
