FireEye accuses malware group of having Russia govt sponsor

By bne IntelliNews October 29, 2014


FireEye, a leading cyber-security firm, claims to have detected Kremlin links to APT28, a well-known malware-distributing and network-infiltrating gang. According to FireEye, the group has "ongoing, focused operations that we believe indicate a government sponsor based in Moscow."

In contrast with China-based peers tracked by FireEye, APT28 does not appear to pursue commercial targets, but instead "focuses on collecting intelligence that would be most useful to a government." Specifically, FireEye found that since 2007 APT28 has been "targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government," the company said in a press release. 

"APT28 has systematically evolved its malware since 2007, using flexible and lasting platforms indicative of plans for long-term use and sophisticated coding practices that suggest an interest in complicating reverse engineering efforts," the release continued.

According to FireEye, the APT28 cyber-attacks focused on targets in the Caucasus of interest to Russian security, such as the pro-Chechen rebel website Kavkaz Centre and journalists writing about the topic, as well as sites in Poland and other Central European countries related to security and defence.

Other mundane factors, such as Russian being the apparent preferred language of the programmers, and working hours suggesting a Moscow or St Petersburg location, point to Russian involvement, according to the report.

"While we don’t have pictures of a building, personas to reveal or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor - specifically a government based in Moscow," reads the report.

In the most recent recorded case of attempted penetration of an Eastern European state's cyber-security, APT28 circulated to a Polish government institution - most likely the foreign ministry - a lure containing the malware, in the form of an international press report on the downing of the MH17 Malaysian Airlines flight over Ukraine on July 17 that sparked an international crisis.

The APT28 group has registered numerous domains imitating the domain names of Eastern European government and media organisations, the report adds.

Concerns over Russian cyber-warfare capabilities first surfaced internationally in 2007 when Estonia's government claimed it was subject to a Russian cyber attack, and proposed the addition of cyber-warfare defence capacities to Nato.
