Russian Government behind Malware-Aided Cyberespionage for 7 Years
Cybersecurity researchers have discovered a state-sponsored Russian hacking group called “the Dukes” that has been running cyber espionage operations against other governments for nearly a decade, according to reports.
Finland-based F-Secure Labs, a security firm, has published a new report that details the discovery of a well-resourced, state-sponsored Russian hacking group called “the Dukes.” According to the report, the Dukes were responsible for multiple cyber attacks through a series of malware campaigns targeting think tanks, governments, and other significant organizations.
The entire published report issued today can be downloaded here.
A quick sampling of the foreign targets listed in the report includes:
- Government institutions and politically-proficient think tanks in Europe, Central Asia, and the U.S.
- Governments that are members of the Commonwealth including countries from Asia, Africa, and the Middle East.
- Organizations associated with Chechen terrorism.
- Russian speakers in the drugs trade.
- A Georgian NATO branch.
- Uganda’s Ministry of Foreign Affairs.
Dukes and the Russian-state Links
Besides publishing its findings and allegations today, F-Secure had previously published a quick analysis of the ways in which the Dukes operated.
The hacking group wielded techniques such as spear-phishing campaigns against targets in tandem with large malware toolsets. This ensured the relentless compromise of targets and established long-term cyberespionage channels for gathering intelligence.
The entire operation was reportedly so sophisticated that Dukes actively modified tools to evade detection. If the tools were discovered, Dukes would reportedly alter its set of attack tools rather than cease its activities.
Despite such measures, there was enough evidence left behind to suggest that Dukes was conducting its cyber espionage operations at the behest of Russian state interests, according to Artturi Lehtiö, F-Secure’s lead researcher on the investigation.
The research details the connections between the malware and the tactics used in these attacks to what we understand to be Russian resources and interests, he contends.
“These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed and what the objectives were. And all the signs point back to Russian state-sponsorship,” Lehtiö added.