Meet APT28, Russian-backed malware for gathering intelligence from governments, militaries: Report

Researchers at computer security firm FireEye are once again connecting the government of Russia to cyber espionage activities that are being carried out all over the world.

FireEye released a report on Tuesday which said that hackers working for the government of Russia have been breaking into computer networks for the past seven years, using highly advanced methods.

Included in the networks that the hackers have targeted are systems of the government of Georgia, other governments and militaries in Eastern Europe, the North Atlantic Treaty Organization and other security organizations in Europe.

The report, published and discussed in a post in FireEye's official blog, is entitled "APT28: A Window Into Russia's Cyber Espionage Operations?" and is focused on the threat group that the company has named APT28.

The malware that APT28 uses is well known in the cybersecurity sector. However, FireEye's report adds more information about the group, including details of currently ongoing operations that lead the company to believe APT28 is sponsored by a government unit based in Moscow.

Unlike the China-based threat groups that FireEye tracks, the company said, APT28 does not appear to be conducting widespread theft of intellectual property for purely economic gain. Its actions instead show a focus on collecting the intelligence that would be most useful to a government.

FireEye also discussed several samples of the malware used by APT28, including evidence that the malware's developers are Russian speakers and work during hours that coincide with business hours in Russia's major cities.

These factors, along with several others that FireEye details in the report, led to the company's assessment that APT28 most likely has the government of Russia as a sponsor.

"This is state espionage," said FireEye's manager of threat intelligence Laura Galante. "This is Russia using its network operations to bolster their key political goals."

Intelligence analysts have long seen Russia as a source of major concern. This is supported by information obtained by The New York Times last year that named Russia as the most sophisticated opponent of the United States in cyberspace.

The report by FireEye, however, said that it is hard to determine if attacks are made by Russian cybercriminals or by the Russian government.

"You only exist as a significant Russian cybercriminal if you abide by three rules," said Trend Micro chief cybersecurity officer Tom Kellermann. "You are not allowed to hack anything within the sovereign boundary; if you find anything of interest to the regime you share it; and when called upon for 'patriotic activities,' you do so. In exchange you get 'untouchable status.'"

FireEye has released freely downloadable indicators to help organizations detect APT28 activity.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.