Friday, 18 September 2015

F-Secure: Espionage Group Working For Russian Government

A group of cyber spies has been working for the Russian government since 2008 and is responsible for various espionage campaigns in which information in the field of foreign policy and security was captured, so claims the Finnish anti-virus firm F-Secure in a comprehensive report (pdf).

The group is called "Duke" and has been active for at least seven years. To infect targets, it mainly uses spear-phishing emails. The messages contain infected attachments, such as a monkey video, or links to a website that tries to install malware via an unpatched vulnerability. Except for one vulnerability in Adobe Reader, all the vulnerabilities the group attacked had already been patched at the time of the attacks.

Victims could therefore have protected themselves by installing security updates in time. The only case in which no spear phishing was used was the "OnionDuke" malware. This malware was distributed via a malicious Tor server and via torrent files. Once Tor users downloaded a program through the Tor network, malware was added to the file in real time.


Attributing attacks to a specific country is very difficult, but in this case F-Secure says that the espionage group is sponsored by the Russian government. The anti-virus company bases this on the motivation and goals of the group. "Based on what we now know about the targets that Duke chose over the last seven years, it is consistent with entities associated with foreign policy and security issues," said the Finnish anti-virus company.

The main party that benefits from the work of the cyber spies is the Russian government, according to F-Secure. Russian words have been found in the Duke malware, and the group is active during office hours in Russia. Furthermore, its targets include Eastern European ministries of foreign affairs, Western think tanks and government agencies, and even Russian-speaking drug dealers. "All available evidence leads us to believe that the group is working for Russia, and we are not aware of evidence that shows otherwise."
