APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated

State-sponsored Russian cyber espionage groups are among the most sophisticated of the nation-state threat actors, with an added flair for deception that makes them the canniest of adversaries.

Experts quizzed by The Daily Swig said that Russian cyber-threat actors are among the best in the world, on a par with the top groups operating out of China, and with similar capabilities to western intelligence agencies – especially those with close links to the Federal Security Service (FSB) or military.

What are the techniques and tactics of Russian threat actors?

Russian state-sponsored actors typically have more sophisticated tactics, techniques, and procedures (TTPs) alongside custom malware development capabilities and tighter operational security when compared to other groups.

Xueyin Peh, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig: “Russia-linked APT groups are arguably some of the most technically advanced state-sponsored threat groups.

“They have used techniques that enable them to remain undetected for long periods of time, such as in the supply chain attack leveraging SolarWinds’ Orion Platform (which likely began as early as Spring 2020 but was only made known publicly in December 2020).

“This large-scale intrusion and the multiple techniques used to obfuscate their activity are testament to the technical prowess of these groups. In comparison, very few other state-associated APT groups – probably only those linked to the People’s Republic of China – have conducted supply chain attacks of similar scale,” Peh added.

The recent SolarWinds campaign that drew so much attention to the threat of Russian cyber espionage was actually atypical for Russian actors in its use of a technology supply chain access vector, according to some threat intel experts.

Paul Prudhomme, head of threat intelligence advisory at IntSights, explained: “Russian cyber espionage groups have not historically used such attack vectors on any significant scale. Indeed, technology supply chain campaigns are more typical of their Chinese counterparts.

“This adoption of a new technique could indicate a willingness to emulate the practices of other actors.”

Vince Warrington, CEO of infosec firm Dark Intelligence, added that “Chinese state-backed attacks tend to be concerned with long-term intelligence gathering, so they tend to be slow moving, methodical, and with the aim of being able to infiltrate an organisation and extract data over the long term – think years instead of days or months.

“The Russian approach, meanwhile, has a much more short-term focus and is more concerned with gathering and exploiting data right now. Therefore, their tactics tend to be ‘noisier’ than their Chinese counterparts.

“Whereas China wishes to be the proverbial ‘ghost in the system’, the Russian state-backed groups are more likely to leave traces of their presence.”

Daniel Smith, head of security research at Radware, commented: “Nation-state and state-sponsored threat actors in Russia tend to use cyber tactics as a geopolitical lever.

“In contrast, Chinese nation-state and state-sponsored threat actors’ objectives are aligned with data collection and global surveillance.”

‘Russian state-backed threat groups are more likely to leave traces of their presence’

How are Russian cyber-threat groups evolving?

Yana Blachman, threat intelligence specialist at Venafi, told The Daily Swig: “Russian state-sponsored APT groups make use of highly sophisticated TTPs to conduct disinformation, propaganda, espionage, and destructive cyber-attacks on a global scale.

“Unlike other groups that reuse code, use OS code or even buy tools, Russian APT groups are known to use their own tailor-made tools for their campaigns, with customised approaches for each target. They continue to develop new tools and redevelop old ones, and their TTPs prioritise operational security and defence evasion, making Russian APT activity very hard to detect.”

“In contrast, APT28, which is believed to operate under GRU authority, sometimes conducts much ‘noisier’ attacks – not necessarily out of a lack of operational security, but because the disruptive nature of their goals simply makes it impossible for them to avoid detection of the attack.”

For example, Sandworm (a GRU unit like APT28) was allegedly responsible for the high-profile NotPetya ransomware attack on Ukraine in 2017, which aimed to disrupt the Ukrainian economy in support of Russian foreign policy objectives.

The attack caused huge collateral damage against multinational companies that operate in Ukraine such as shipping giant Maersk.

In an alleged attempt to influence the US presidential election, both APT28 and APT29 breached the network used by the Democratic National Committee (DNC). Stolen data was subsequently used to leak compromised information.

Digital Shadows’ Peh commented: “This is not the first instance of Russia-linked targeting of US government agencies: prior to the compromise of the DNC, APT29 also conducted spear-phishing attacks against the Pentagon email system in August 2015, among other government agencies.

“Similar activities also occurred in Europe, when APT28 is said to have targeted European political entities ahead of the 2018 EU Parliament elections.”

What countries and organizations are being targeted by Russian threat groups?

Governments and commercial defense organizations are top targets of Russian APTs because they can provide a wealth of political, diplomatic, and military intelligence.

Russian threat groups primarily target western governments and related organizations, such as government ministries and agencies, political think tanks, and governmental subcontractors, but also private sector targets in the US and Europe.

Energy organizations and other critical infrastructure are also important targets because of Russia’s status as a leading energy producer and for the potential to disrupt the economies of targeted countries. Technology and telecommunications companies are also favored targets.

In geographic terms, Ukraine is a top target for Russian cyber espionage and disruptive attacks in support of Russia’s expansion of its power and influence in the country. Other prime targets include the nation’s historic geopolitical and military adversaries in the US and the European and Turkish members of the North Atlantic Treaty Organization (NATO).

Dark Intelligence’s Warrington commented: “Ukraine is, in effect, Russia’s testing ground for new cyber-attacks, and therefore we need to understand what happens there to predict what types of attack will happen to the West in the coming years.”

What cyber-attacks have been attributed to Russia?

Russian threat groups are thought to be behind some of the most high-profile attacks of recent years.

Alongside the SolarWinds campaign, which targeted 80% of the Fortune 500, Russian state-sponsored APT group Sandworm (aka ‘Unit 74455’, a GRU unit distinct from APT28) is accused of being behind the destructive NotPetya cyber-attack that affected thousands of businesses worldwide in 2017.

APT28, meanwhile, targeted the World Anti-Doping Agency (WADA) and leaked drug-testing information related to international athletes in 2016.

Despite high-profile media coverage of activities conducted by these Russia-linked APT groups, neither APT28 nor APT29 show any signs of stopping their malicious activities, as evidenced by the SolarWinds hack and other recent hacking campaigns.

For example, in July 2021 reports emerged that APT29 had compromised the computer systems of the Republican National Committee (RNC) via a third-party provider.

Source: https://portswigger.net/daily-swig/apt-focus-noisy-russian-hacking-crews-are-among-the-worlds-most-sophisticated
