A security firm released a new report this week linking the Russian government to funding a group of hackers that have attacked governments and political groups worldwide.
F-Secure, which is based in Finland, published a whitepaper identifying a group called the "Dukes" and saying that it believes the group's hackers have been "working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making." More specific targets, according to the report, include NATO, a U.S. foreign policy think tank and government ministries in countries such as Georgia, Turkey and Uganda, among others. Though not specifically named in the report, a researcher said the group might have been involved in targeting the White House and State Department as well.
While the tech site the Verge pointed out that malware used by the Dukes for cyberespionage has been reported on before, it called this report "the most definitive evidence yet that the Russian government has been sponsoring the attacks."
"The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests. These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed, and what the objectives were. And all the signs point back to Russian state-sponsorship," Artturi Lehtio, F-Secure's lead researcher for this report, said in a statement.
The report named the various malware tools employed by the Dukes — MiniDuke, CosmicDuke, OnionDuke, CozyDuke, CloudDuke, SeaDuke, HammerDuke, PinchDuke, and GeminiDuke — and reported that they engage in "biannual large-scale spear-phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations."
F-Secure described this type of attack as "noisy," but reported that if the information collected proves valuable, the hackers "quickly switch the toolset used and move to using stealthier tactics focused on persistent compromise and long-term intelligence gathering."
Two new malware tools identified by the researchers are what allowed them to link the group and its attacks more closely to the Russian government, though the report only says that the evidence "in our opinion [suggests] that the group operates on behalf of the Russian Federation."
"The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus," Patrik Maldre, a junior research fellow with the International Center for Defense and Security, said in a statement. "They shed new light on how heavily Russia has invested in offensive cyber capabilities, and demonstrate that those capabilities have become an important component in advancing its strategic interests. By linking together seven years of individual attacks against Georgia, Europe, and the United States, the report confirms the need for current and prospective NATO members to strengthen collective security by increasing cyber cooperation in order to avoid becoming victims of Russian information warfare, espionage, and subterfuge."
In April, Russian hackers were linked to attacks on the White House network. The State Department also reported that its computers had been targeted by hackers that month. While the Verge pointed out that F-Secure's report doesn't implicate the Dukes in these attacks, it reported that researcher Lehtio said the firm believes "it is possible that the Dukes are also behind the recent compromises of the State Department and the White House."
Read F-Secure's full report.