The Expert's View with Jeremy Kirk

Breach Notification , Fraud Management & Cybercrime , Incident & Breach Response

Russia Claims It's Victim of Cyberattacks

Nation Often Blamed for Hacks Offers Details on Breaches It Claims It's Suffered
Russia Claims It's Victim of Cyberattacks

Russia often loses the public relations battle when it comes to hacking. It, along with China, are blamed so often for intrusions into Western organizations that it's almost a foregone conclusion when discussing sophisticated cyber spying.

See Also: BEC Defense: Advanced Tactics to Shield Your Organization

But on July 30, Russia took a swing back, saying it, too, has been the victim of a coordinated hacking campaign. The country's Federal Security Service says it has discovered malicious software that infected 20 organizations.

The FSB, which did not indicate who it suspects is behind the attacks, says the targets included public authorities as well as scientific and military institutions. Malware was developed for each specific victim, which was then distributed through malicious attachments in emails, according to the FSB. The malware monitors network traffic, turns on a web cam or microphone and records keystrokes, the agency says.

The Russian-language news release was at best a feeble response to weeks of unending media coverage that has implicated Russia as potentially responsible for the compromises of various Democratic Party systems in the U.S. (see Clinton Campaign Reports Breach). Russia has officially dismissed accusations that it coordinated the release of more than 19,000 internal Democratic National Committee emails that threw the party into turmoil.

But the press release is likely the first time the Russian government has provided such specific details concerning a coordinated cyberattack against organizations in the nation, says Alexey Muraviev, head of the social sciences and security department at Curtin University in Perth, Australia. Until now, the FSB - the country's FBI-equivalent in charge of counterintelligence - and other Russian security agencies have been far more clandestine about such matters than Western agencies, Muraviev says.

"Clearly, the Russians want to demonstrate they are as much of a victim of cyber warfare as anyone else," Muraviev says. "It's very unusual for them to really promote and publicize evidence that they collect."

Western Bias?

The hacking of three entities - the DNC, Hillary Clinton's campaign and the Democratic Congressional Campaign Committee - has raised the prospect that a foreign power might be attempting to influence the U.S. presidential election using stolen data.

Speculation about who's responsible for the recent Democratic Party hacks has been fueled, in part, by research from CrowdStrike, which investigated the DNC compromise.

In recent years, CrowdStrike, Trend Micro, Palo Alto Networks and many other Western security companies have released detailed reports on so-called advanced persistent threat groups.

Drawing on technical data from cyberattacks seen against those companies' customers, the reports have a strong Western tilt. So it's not surprising that adversaries of the West, such as Russia and China, are prime suspects in many cyberattacks. The computer security industries in Russia and China, on the other hand, have rarely accused the West of hack attacks, showing a lopsided view of nation-state hacking, says Jeffrey Carr, CEO at cybersecurity firm Taia Global.

"We never see any APT groups that are assigned to western nations - U.S., the U.K., Germany, Israel," Carr says. "When you look at these spreadsheets that list all of the different threat actor groups, you only see ones from certain countries and you see zero from other countries. This, to me, points out a serious flaw in how we are mapping the threat landscape."

The Exception

There has been one exception among vendors: Kaspersky Lab. The Russian-based anti-virus vendor published research in February 2015 on a hacking collective it calls the Equation Group that seems to link to the West.

The Equation Group's exceptional technical capabilities caused Kaspersky Lab to dub it the "god of cyberespionage." The group, for example, engineered a tool that allowed it to reprogram the hard drive firmware of more than a dozen manufacturers, an impressive effort that could have only been the project of a government, Kaspersky claims.

Kaspersky concluded the Equation Group also had access to the same zero-day vulnerabilities that were used to spread Stuxnet. That malware sabotaged Iran's uranium centrifuges by sending destructive commands to industrial control systems. Believed to have been a joint project between the U.S. and Israel, neither country formally claimed responsibility.

Kaspersky's strong ties with Russia may have made it less reluctant to keep its findings secret. The company never tagged the Equation Group to a country, but its capabilities and targets left few suspects. Many speculated the group is part of the U.S. National Security Agency. The U.S. has acknowledged developing an offensive cyber capability, which it contends is a crucial component of national security.

Taia Global's Carr has often criticized how security companies attribute cyberattacks to countries, arguing that there is often a lack of definitive technical evidence. CrowdStrike says it believes the hacking groups responsible for recent hacks against the Democratic Party may be affiliated with Russia's FSB and GRU, a military intelligence unit. Unless U.S. intelligence agencies, which have much deeper reach than private companies, confirm the findings, they're just an assumption that could have a deep impact on foreign relations, Carr contends.

But the FSB announcement about recent cyberattacks against Russian institutions may be a sign that Russia is no longer going to be quiet about such intrusions - particularly those it suspects come from Western governments - in an effort show that hacking goes both ways. "It makes perfect sense that this would be a tit-for-tat disclosure," Carr says.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.