SOURCE: F-Secure Corp.

F-Secure Corp.

September 17, 2015 02:00 ET

F-Secure Linked Cyberattacks to Russian Intelligence Gathering

F-Secure Labs Links Nearly a Decade of State-Sponsored Cyberattacks to a Group of Hackers Backed by Russia

SAN JOSE, CA--(Marketwired - Sep 17, 2015) - A new report published by F-Secure Labs links a number of state-sponsored cyberattacks to a hacking group engaged in Russian intelligence gathering. The whitepaper provides an in-depth analysis of a hacking group called "the Dukes," and outlines seven years of their attacks against governments and related organizations in the United States, Europe and Asia. 

The report provides a detailed account of "the Dukes" -- a group of attackers using a family of unique malware toolsets used to steal information by infiltrating computer networks and sending the data back to attackers. According to the report, the group has been using these toolsets to launch cyberattacks that support Russian intelligence gathering for at least seven years.

Specific targets of the attacks discussed in the report include the former Georgian Information Center on NATO (now called the Information Center on NATO and EU), the Ministry of Defense of Georgia, the ministries of foreign affairs in both Turkey and Uganda and other government institutions and political think tanks in the United States, Europe and Central Asia.

Artturi Lehtiö, the F-Secure researcher heading the investigation, said the new analysis strengthens claims that the group is backed by Russia and is working to support Russian intelligence gathering. "The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests. These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed, and what the objectives were. And all the signs point back to Russian state-sponsorship."

The Dukes use nine different variants of malware toolsets, and while many of those toolsets were previously known to researchers, it was Lehtiö's discovery of two new variants that allowed him to make new connections between the group and the attacks. According to Patrik Maldre, a junior research fellow with the International Center for Defense and Security, these connections provide vital information that researchers can use to put together a bigger picture about how Russia uses cyberattacks to support their intelligence gathering and political objectives.

"The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus," said Maldre. "They shed new light on how heavily Russia has invested in offensive cyber capabilities, and demonstrate that those capabilities have become an important component in advancing its strategic interests. By linking together seven years of individual attacks against Georgia, Europe and the United States, the report confirms the need for current and prospective NATO members to strengthen collective security by increasing cyber cooperation in order to avoid becoming victims of Russian information warfare, espionage, and subterfuge."

Mika Aaltola, program director for the global security research program at the Finnish Institute of International Affairs, said the report has special significance for countries in Northern Europe. "Smaller countries, such as Sweden and Finland, are particularly vulnerable to this kind of espionage. Nordic and Baltic countries are always trying to balance Russian and Western interests, and Russia uses their cyberattack capabilities to find ways to tip the balance in their favor. Attributing cyberattacks is notoriously challenging, which lets Russia deny their activities in this space, and exert their influence in much softer, much less visible ways." 

Both Maldre and Aaltola are currently working on research that incorporates Lehtiö's study on the Dukes. Lehtiö's whitepaper, called "The Dukes: 7 Years of Russian Cyberespionage," is now available for download from F-Secure Labs.

More information:
The Dukes Whitepaper
History of the Dukes
F-Secure Labs

F-Secure - Switch on freedom
F-Secure has been defending tens of millions of people around the globe from digital threats for over 25 years. Our award-winning products protect people and companies against everything from crimeware to corporate cyberattacks, and are available from over 6000 resellers and 200 operators in more than 40 countries. We're on a mission to help people connect safely with the world around them, so join the movement and switch on freedom!

Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | facebook.com/f-secure