Cyber-Threats Ascribed to Russia Crafted to Hunt Specific Data
Three cyber-espionage campaigns attributed to Russia each focus on a different type of data collection, according to an analysis by data-intelligence firm Recorded Future.
An analysis of three complex cyber-operations—all allegedly conducted by Russian-sponsored groups—has found signs of the underlying espionage organizations involved in the attacks, according to data-intelligence firm Recorded Future. The meta-analysis—which focused on three espionage campaigns known as Uroburos, Energetic Bear and APT28—collected reports and research published by security firms and news agencies, matched up data on the threats even when they were referred to by different names, and synthesized more complete pictures of the threats.
In the end, the data analysis highlighted that the three espionage campaigns all focused on different political goals, Christopher Ahlberg, CEO and co-founder of Recorded Future, told eWEEK. “There is distinct targeting, and without the malware overlapping in the wild, (and that) indicates coordination at the strategic level,” he said. “We are not just looking at a bunch of criminals, throwing around attacks, but at an organized effort across three different collections, [or] campaigns, of malware.”
Since Russia’s cyber-attacks on the former Soviet state of Estonia in 2007, government analysts and security researchers have kept watch on Russian cyber-operations. In 2013, security firm Kaspersky Lab detailed a five-year operation, attributed to Russia and known as Red October. In 2014, three other major operations came to light—Uroburos, Energetic Bear and APT28—as well as some smaller operations, such as Sandworm.