There are a number of countries around the world that have been accused of conducting informational attacks and cyber espionage to get a hold of important, top secret data. One of those countries is Russia, but until just recently there has been very little hard evidence to prove it.
Based on a new report from security firm FireEye, Russia may be involved in a long-standing and intricate operation to steal important data from other governments and security firms across the globe, including the US. The report details an Advanced Persistent Threat or APT, in this case known as APT 28, that involves the Russian government sponsoring hackers and developers to conduct various attacks.
While there doesn’t appear to be any direct link between APT 28 and the Russian government, FireEye has uncovered a number of things that lead it to believe Russian decision makers are on the inside. Around 50% of the malware connected to APT 28 “was compiled in a Russian-language build environment consistently over the course of six years.” The company also notes that 96% of related malware was written during Moscow’s business hours.
"FireEye's latest advanced persistent threat report sheds light on cyber espionage operations that we assess to be most likely sponsored by the Russian government, long believed to be a leader among major nations in performing sophisticated network attacks."
The operatives involved in APT 28 use a series of phishing emails and fake/malicious websites disguised as legitimate news blogs to gain access to sensitive data. Unlike similar Chinese attacks that have surfaced, FireEye says it appears the Russian attack isn’t interested in financial gain, but is rather focused on government and military data from other countries. FireEye elaborates: “FireEye found that since at least 2007, APT28 has been targeting insider information related to governments, militaries, and security organisations that would likely benefit the Russian government.”