bne -

FireEye, a leading cyber-security firm, claims to have detected Kremlin links to APT28, a well-known malware distributing and network infiltrating gang. According to FireEye, the group has "ongoing, focused operations that we believe indicate a government sponsor based in Moscow."

In contrast with China-based peers tracked by FireEye, APT28 does not appear to pursue commercial targets, but instead "focuses on collecting intelligence that would be most useful to a government." Specifically, FireEye found that since 2007 APT28 has been "targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government," the company said in a press release. 

"APT28 has systematically evolved its malware since 2007, using flexible and lasting platforms indicative of plans for long-term use and sophisticated coding practices that suggest an interest in complicating reverse engineering efforts," the release continued.

According to FireEye, the APT28 cyber-attacks focused on targets in the Caucasus of interest to Russian security, such as the pro-Chechen rebels internet site Kavkaz Centre, and journalists writing about the topic, as well as sites in Poland and other Central European countries related to security and defence.

Other mundane factors, such as Russian being the apparent preferred language of the programmers, and working hours suggesting a Moscow or St Petersburg location, point to Russian involvement, according to the report.

"While we don’t have pictures of a building, personas to reveal or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor - specifically a government based in Moscow," reads the report.

In the most recent recorded case of attempted penetration of an Eastern European state's cyber-security, the APT28 circulated to a Polish government institution - most likely the foreign ministry - a lure containing the malware, in the form of an international press report on the downing of the MH17 Malaysian Airlines flight over Ukraine July 17 that sparked an international crisis. 

The APT28 group has registered numerous domains imitating domain names of Eastern European government and media, the report adds.

Concerns over Russian cyber-warfare capabilities first surfaced internationally in 2007 when Estonia's government claimed it was subject to a Russian cyber attack, and proposed the addition of cyber-warfare defence capacities to Nato.