Cybersecurity researchers in Finland have identified a Russian hacking group that has been carrying out attacks on foreign governments and other organizations for over seven years. F-Secure Labs reports that the cyberattacks were launched to support Russian intelligence gathering, using malware to infiltrate computer networks and steal information. The malware has reportedly been seen before, but this report is being considered the most definitive evidence to date that the Russian government is supporting the attacks.

The well-resourced Russian hacking group known as “the Dukes” has targeted government institutions and political think tanks in the US, Europe, and Central Asia. The Dukes’ campaigns use a “smash and grab” approach: F-Secure described the method as a “noisy, fast break-in,” followed by the extraction of as much data as possible. If the data proves valuable, the group then switches to a more precise and deliberate approach.

The first known campaigns began in 2008, with targets including the Ministry of Defense in Georgia and the ministries of foreign affairs in Turkey and Uganda. F-Secure believes that “the Dukes’ primary mission is to be so valuable to their benefactors that its continuation outweighs everything else.” Some of the group’s operations have been uncovered before; however, it was difficult to link them to the Russian government.

Although the Dukes have targeted governments all over the world, they have never been reported to have attacked the Russian government. Artturi Lehtiö, the F-Secure researcher who headed the investigation, stated, “the connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed, and what the objectives were. And all signs point back to Russian state sponsorship.”

In April, Russia launched cyberattacks on the White House network, and the State Department reported that its computers had been targeted as well. Over the summer, the US acknowledged another intrusion, this time into the Pentagon’s Joint Staff email system. While F-Secure does not directly implicate the Dukes in these attacks, it does consider them possible perpetrators.

The group has also been linked to the October 2014 breach of the email system of the Executive Office of the President. That intrusion disrupted the system for months and succeeded in accessing some unclassified information, such as President Obama’s schedule and some emails. While Kaspersky Lab, which is known to be close to Russian intelligence, said in July that 50 percent of all malware attacks come from Russia, F-Secure has spent the last seven years confirming the links between these hacks and the Russian government.

Russia’s ability to use outside hacking groups to conduct state-sponsored cyber-espionage gives Moscow an added layer of plausible deniability, and waiting the years it may take to secure absolute assurance of Russia’s involvement makes a swift and coherent response from the U.S. difficult.

Center for Security Policy