Russian military networks and critical infrastructures have been targeted by malware.
Government officials confirmed being hit by a successful spear-phishing attack as stated by the FSB, the country’s principal security agency and main successor to the KGB.
Recently, the Russian Federal Security Service found evidence of malware spreading across networks of various organizations in the country.
There are approximately 20 of them including defense contractors, scientific and military institutions, and public authorities that were found to be infected by the tailor-made malware.
Though Russia is not pointing fingers directly at suspected hackers, officials tell how the malware suggests a professionally planned attack.
High-Profile Cyber-Espionage Operation
FSB’s analysis showed that the coverage sites imply that the targets were primarily deliberately handpicked.
It seems the infections were executed as part of cyber-espionage.
The style of writing, file names, parameters, and infection methods as to how the malware deployed the attack closely resembles high-profile hack operations that have been previously used around the world.
Cyber-espionage refers to the utilization of computer networks to illicitly access confidential information often held by a government or other organizations.
According to an FSB statement, these are the ways by which the malware worked:
Targeted employees received an email message containing an attachment which, unknown to the recipient, held the malware.
Clicking on the attached file unleashes the virus. Once installed by the user, it downloads additional modules that empower the hacker over a myriad of computer tasks.
The well equipped malware is quite capable of intercepting network traffic, logging key strokes, switching on microphones and web cameras to record audio and video, as well as to capture and transmit screenshots.
Sets of software were particularly designed and adapted for each victim based on the unique characteristics of the target PC. The malware is then delivered as an unsuspicious malicious email attachment.
The FSB is currently working with other government agencies and Russian ministries to identify all malware victims, localize the threat and limit its effects and consequences.
Government-Linked Hacks
The malware attack is reminiscent of phishing hacks that seem to be commonplace in today’s times, targeting federal agencies and corporations in the US every day.
News of Russian critical infrastructure and networks malware infection comes in the wake of high-profile hacks that recently caused turmoil in U.S. presidential election campaigns.
Democratic Party networks were compromised with a massive cache of emails released by WikiLeaks.
The computer attacks tarnished presidential candidate Hillary Clinton’s image as shady schemes transpiring behind-the-scenes were exposed.
Investigators cited evidence suggesting state-sponsored involvement and that these hacks were actually backed by the government entities.
Crowdstrike, a security firm hired by the DNC to investigate the hack, attributed the malware intrusion to two hacking teams with Russian government ties.
Other firms such as Fidelis Cybersecurity agreed with this claim.
Chief Security Officer Justin Harvey tells how they reached their conclusion based on the malware used.
The same malicious code including reused IP addresses were also discovered in other attacks mainly thought to be carried out by Russian hacker groups.
Rival Republican candidate Donald Trump even hinted that Russian spies should infiltrate Clinton’s email in search of the allegedly missing 30,000 messages while she was Secretary of State.
He doubles down encouraging hackers in a tweet to share the emails with the FBI if they do have it.
Russian Involvement
Evidence of these cyber-attacks typically concluded Russian involvement.
Russia is said to be the source and not the target, yet their government is now faced with the same alarming concern.
A lone hacker by the name Guccifer 2.0 tried to take credit for the DNC breach but denies having any ties to the Russian government.
The hacker proved this by leaking some stolen DNC documents and sending additional files to WikiLeaks for publication.
Security experts remain skeptical, believing that the actor aims to divert blame from the country as part of a misinformation campaign led by no other than the Russians.
Still, it all boils down to Russian government officials’ flat denial of any involvement with the DNC hack.
Cybereason Security Firm CTO Yonatan Striem-Amit points out that even if it is eventually proven that state-sponsored hackers were not really responsible for such top-level malware attacks, they would have definitely learned from the DNC leaks.
They’re probably realizing by now that they could have a crucial tool for political influence in hand.