Espionage

New report details Russia’s cyber-espionage activities

Published 30 October 2014

Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world. The researchers released a report on Tuesday which says that hackers working for the Russian government have, for seven years now, been hacking into computer networks used by the government of Georgia, other Eastern European governments, and some European security organizations.

The attacks have not been directly linked to any Russian government office or asset such as a Web server address. Instead, FireEye’s researchers made the government connection on circumstantial grounds: the malicious software used in the attacks was compiled during Moscow and St. Petersburg working hours, on build systems configured with Russian language settings, and the targets align with Russian intelligence interests. “The malware indicates a seven-year espionage effort, operating and developed over time,” Laura Galante, FireEye’s manager of threat intelligence, said. “This is a professional, well-resourced effort that has been going on for years.”
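The two indicators FireEye cites, compile times clustering in a working day and Russian-language build settings, can be checked on a corpus of samples. The script below is an added illustration, not FireEye’s tooling: it reads the TimeDateStamp from a PE file header, buckets the times by local hour in Europe/Moscow against a fixed US Eastern offset for comparison, and tallies the primary language of resource LANGIDs. All samples (the header blobs, the ten timestamps, the LANGID list) are constructed for the demo, and the 08:00 to 18:00 working window is an assumption. Keep the caveat in mind: both fields are attacker-controlled and can be zeroed or forged, so they are supporting evidence, not proof.

```python
"""Compile-time and language-setting attribution checks (added example).
Sample data below is constructed, not taken from APT28 malware."""
import struct
from collections import Counter
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    MSK = ZoneInfo("Europe/Moscow")   # historically correct: UTC+4 in 2011-2014, UTC+3 since
except Exception:                     # no tzdata on this host: fall back to today's fixed offset
    MSK = timezone(timedelta(hours=3), "MSK")

EASTERN_FIXED = timezone(timedelta(hours=-5), "EST")  # comparison zone, DST ignored

# Windows primary language IDs (low 10 bits of a LANGID; Russian's default LCID is 0x0419).
LANG_RUSSIAN = 0x19
LANG_ENGLISH = 0x09


def pe_compile_timestamp(data: bytes) -> int:
    """Return IMAGE_FILE_HEADER.TimeDateStamp (seconds since the Unix epoch).

    PE layout: 'MZ' at 0, e_lfanew (DWORD) at 0x3C, 'PE\\0\\0' at e_lfanew,
    then Machine (WORD), NumberOfSections (WORD), TimeDateStamp (DWORD).
    The value is attacker-controlled: it may be zero, or deliberately forged.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (ts,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return ts


def make_fake_pe(ts: int) -> bytes:
    """Constructed header-only blob (hypothetical, for the demo): DOS header
    with e_lfanew = 0x40, PE signature, i386 file header with 3 sections."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x14C, 3, ts)


def working_hours_share(timestamps, tz, start=8, end=18):
    """Fraction of compile times on a weekday between start and end o'clock
    in tz, plus a histogram of local hours (assumed 08:00-18:00 window)."""
    hours = Counter()
    hits = 0
    for ts in timestamps:
        local = datetime.fromtimestamp(ts, tz=timezone.utc).astimezone(tz)
        hours[local.hour] += 1
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(timestamps), hours


def primary_language(langid: int) -> int:
    """Strip the sublanguage bits from a Windows LANGID."""
    return langid & 0x3FF


def language_profile(langids):
    """Count resource-directory LANGIDs by primary language."""
    return Counter(primary_language(l) for l in langids)


def _utc(y, m, d, hh, mm):
    return int(datetime(y, m, d, hh, mm, tzinfo=timezone.utc).timestamp())


# Constructed sample: ten builds over one week in March 2014, given in UTC.
SAMPLE_TIMESTAMPS = [
    _utc(2014, 3, 10, 6, 0),    # Mon, morning in Moscow
    _utc(2014, 3, 11, 8, 30),   # Tue
    _utc(2014, 3, 12, 12, 0),   # Wed
    _utc(2014, 3, 13, 13, 45),  # Thu
    _utc(2014, 3, 14, 5, 30),   # Fri
    _utc(2014, 3, 17, 9, 15),   # Mon
    _utc(2014, 3, 15, 9, 0),    # Sat
    _utc(2014, 3, 16, 10, 0),   # Sun
    _utc(2014, 3, 18, 2, 0),    # Tue, pre-dawn in Moscow
    _utc(2014, 3, 19, 22, 0),   # Wed, night in Moscow
]
SAMPLE_LANGIDS = [0x0419, 0x0419, 0x0409, 0x0419]  # constructed: ru-RU x3, en-US x1


if __name__ == "__main__":
    stamps = [pe_compile_timestamp(make_fake_pe(t)) for t in SAMPLE_TIMESTAMPS]
    for name, tz in (("Europe/Moscow", MSK), ("US Eastern (fixed)", EASTERN_FIXED)):
        share, hist = working_hours_share(stamps, tz)
        print(f"{name}: {share:.0%} in weekday working hours, hours={dict(sorted(hist.items()))}")
    print("resource languages:", dict(language_profile(SAMPLE_LANGIDS)))
```

On the constructed sample, 60% of builds land in a Moscow working day against 20% for a fixed US Eastern offset, and three of four resources are Russian. On real corpora the check is only meaningful with many samples, and a zero or implausible TimeDateStamp should be excluded before computing the share.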

FireEye adds that it is often difficult to distinguish between Russian government attacks and attacks by Russian hackers. “You only exist as a significant Russian cybercriminal if you abide by three rules,” said Tom Kellermann, chief cybersecurity officer at Trend Micro, a security firm based in Irving, Texas. “You are not allowed to hack anything within the sovereign boundary; if you find anything of interest to the regime you share it; and when called upon for ‘patriotic activities,’ you do so. In exchange you get ‘untouchable status.’ ”

The New York Times reports that FireEye is one of several global security firms that have connected the Russian government to cyber espionage. Earlier this year, Symantec, F-Secure, and CrowdStrike tied a series of coordinated attacks on Western petroleum and gas companies to the Russian government. “This is state espionage,” Galante said on Tuesday. “This is Russia using its network operations to bolster their key political goals.”

American officials have blamed Russian hackers for a series of distributed denial-of-service (DDoS) attacks on Kyrgyzstan in January 2009 which, according to analysts, was meant to persuade Kyrgyzstan’s president to evict an American military base from the country. Shortly after the attacks, Kyrgyzstan announced plans to remove the U.S. base and received $2 billion in aid and loans from Russia.

Galante said FireEye’s researchers discovered the espionage campaign, called APT28 by the firm’s researchers, on computer networks of some of its clients. Targets of the campaign include the Ministry of Internal Affairs of Georgia and its Ministry of Defense, the governments of Poland and Hungary, the North Atlantic Treaty Organization, and other European security organizations.