Russia-funded hacking groups attacked NATO, US govt entities

19 Sep 2015

A new report by security researchers at F-Secure Labs says hacking groups funded by the Russian government had been running a large-scale malware campaign that had hit NATO and US government institutions.

With the linking together of seven years of individual attacks against Georgia, Europe and the US, the report confirmed the need for current and prospective NATO members to strengthen collective security through increased cyber cooperation to avoid ending up as victims of Russian information warfare, ''espionage and subterfuge''.

''[The] connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed, and what the objectives were. Nordic and Baltic countries are always trying to balance Russian and western interests, and Russia uses its cyber attack capabilities to find ways to tip the balance in its favour.

''And all the signs point back to Russian state-sponsorship'', Artturi Lehtio, F-Secure's lead researcher for the report, said in a statement.

Labeling the organisation ''the Dukes'', the Finland-based company reported that some nine malware toolsets had been used to glean information for the government's security and foreign policy decision making.

According to the report, the group's cyberattacks focused solely on targets of interest to the Russian government, including criminal organisations and ministries of defence. ''We believe the only benefactor with the power to offer such comprehensive protection would be the government of the nation from which the group operates''.

Among the target organisations listed in the report are the former Georgian Information Centre on NATO, Georgia's defence ministry, the foreign ministries of both Turkey and Uganda, and other government institutions and political think tanks in the US, Europe and Central Asia.

The report is not the first to point a finger at the Kremlin for sponsoring cyberespionage.

Russian and Chinese governments were blamed last year by separate groups of security researchers for the widespread cyberespionage that hit targets in the US and elsewhere.

In 2014, US security firm Symantec had reported the discovery of a highly sophisticated cyber-spying tool called Regin, which had been in use since 2008 to steal information from governments and businesses.