Russian Hackers Targeting U.S. Government, F-Secure Says
A malicious group called the Dukes uses a family of malware toolsets to steal information by infiltrating computer networks and sending the data back to the attackers, according to F-Secure Labs. The former Georgian Information Center on NATO — now called the Information Center on NATO and EU — along with the Ministry of Defense of Georgia, Turkey and Uganda ministries of foreign affairs, and other government institutions and political think tanks in the U.S., Europe, and Central Asia, are among the targets.
“The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests,” said Artturi Lehtiö, the F-Secure researcher heading the investigation, in a statement.
Lehtiö noted that the new analysis strengthens claims that the group is backed by Russia, and is working to support Russian intelligence gathering. “These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed, and what the objectives were. And all the signs point back to Russian state-sponsorship,” he said.
How Important Is This?
F-Secure Labs said that the Dukes use nine variants of malware toolsets. Although many of those toolsets were already known to security researchers, Lehtiö discovered two new variants that helped him peg connections between the group and the attacks.
The connections F-Secure identified have significant international security implications, particularly for states in Eastern Europe and the Caucasus, said Patrik Maldre, a junior research fellow with the International Center for Defense and Security.
“They shed new light on how heavily Russia has invested in offensive cyber capabilities, and demonstrate that those capabilities have become an important component in advancing its strategic interests,” Maldre said in the statement. “By linking together seven years of individual attacks against Georgia, Europe, and the United States, the report confirms the need for current and prospective NATO members to strengthen collective security by increasing cyber cooperation in order to avoid becoming victims of Russian information warfare, espionage, and subterfuge.”
An Important Topic
The report has special significance for countries in Northern Europe, said Mika Aaltola, program director for the global security research program at the Finnish Institute of International Affairs.
“Smaller countries, such as Sweden and Finland, are particularly vulnerable to this kind of espionage,” Aaltola said in the statement. “Nordic and Baltic countries are always trying to balance Russian and Western interests, and Russia uses their cyberattack capabilities to find ways to tip the balance in their favor. Attributing cyberattacks is notoriously challenging, which lets Russia deny their activities in this space, and exert their influence in much softer, much less visible ways.”
We reached out to Tim Erlin, director of IT security and risk strategy at advanced threat protection firm Tripwire, to get his thoughts on the news. He told us he’s seeing an increase in the use of attack attribution as a political gambit.
“The discussion, though brief, of China’s cyberattacks on the U.S. in last night’s Republican presidential debate is certainly one aspect of this new frontier for information security, but this kind of public pronouncement of culpability from Russia is another,” Erlin said. “We should expect that cybersecurity will continue to be an important topic in the politics, and we should also expect that nations and politicians will evolve their rhetoric on this topic as they further understand the potential leverage.”