Russia Uncovers Major APT-style Cyber Attack

Russia Uncovers Major APT-style Cyber Attack

The Russian security service has discovered a major cyber espionage campaign targeting around 20 critical infrastructure, military and other organizations in the country, it revealed over the weekend.

The operation has been “professionally planned and executed,” with public sector bodies, scientific and military institutions, defense contractors, and other CNI firms affected, according to the Federal Security Service (FSB).

File names, infection methods and other key characteristics match up with other high-profile cyber espionage campaigns and attacks are highly targeted “based on the unique characteristics of the targeted PC,” it continued.

Attacks typically arrived in the form of a classic spearphishing email complete with malicious attachment, the note claimed.

After installing, the malware loads various modules capable of taking screenshots, intercepting network traffic, and switching on web cams and microphones across PCs and mobile devices.

The FSB said it is currently working to identify all victim organizations and minimize the impact of the attack campaign.

If the information in the statement is correct and not a typically unsubtle piece of Russian propaganda, it’s most likely that the malware came either from the US or China, although watertight attribution in such cases is famously difficult.

However, cynical observers may argue that the timing of the statement is worth noting, coming as it does during a period of heightened tensions between Russia and the US over the hacking of the Democratic National Committee (DNC).

Private emails that ended up on Wikileaks have caused great embarrassment inside the party and may have damaged presidential candidate Hillary Clinton’s standing in the country.

Investigators have already linked the year-long intrusion back to state-sponsored Russian hackers. If the Russian state has been attempting to undermine the forthcoming election and destabilize any future White House incumbent, it could be a dangerous precedent in cyberspace.

However, it would be reminiscent of tactics espoused during the Cold War by FSB predecessor the KGB – that is, attempting to disrupt, discomfort and misinform abroad by any means possible.

Source: Information Security Magazine