The Russian Threat
The growth of cybercrimes has created a new warfront.
Russia has been preparing for this new war field by actively teaching its population advanced networking and computer skills in schools. It has also continued to fund Russian Advanced Persistent Threat groups (APTs). Doing so has given it access to some of the most skilled hackers in the world.
Russian hackers take only 19 minutes to spread from their initial victims in an organization's network, compared to North Korea's 2 hours and 20 minutes, China's 4 hours, and Iran's 5 hours and 9 minutes. They are also trained to leave a very small footprint: they leave very little forensic data and vanish as soon as they are detected.
Several Russian organizations are known for carrying out cyber-attacks with APT teams, including the Russian Federal Security Service (FSB), the Russian Foreign Intelligence Service (SVR), the Russian General Staff Main Intelligence Directorate (GRU), and the Russian Ministry of Defense. Their attacks are commonly targeted at the Ukrainian government and critical infrastructure. The FSB has instigated cyber-attacks targeting UK and U.S. energy companies, U.S. aviation organizations, U.S. government and military personnel, and cybersecurity companies.
Their biggest attack occurred in 2017, for which they were indicted by the DOJ for accessing email accounts of U.S. government and military personnel, private organizations, and cybersecurity companies.
The SVR's most notable attack was in 2021 against SolarWinds, a major software company which provides management tools for network and infrastructure monitoring to hundreds of thousands of organizations worldwide. Its IT performance monitoring system, Orion, has privileged access to the IT systems of every customer. Using Orion, the SVR had the potential to gain access to the data and networks of SolarWinds customers and partners, including the U.S. government and critical infrastructure organizations.
From 2015-2017 the GRU committed several attacks against Ukrainian infrastructure, including energy, financial, and government organizations. The malware deployed caused widespread power outages, compromised user credentials, and made computers inoperable.
The Russian Ministry of Defense has been sanctioned by the UK and U.S. for distributing Triton malware to oil refineries. This malware disables the safety systems within the machinery that prevent dangerous conditions from developing.
There are many more known Russian organizations that continue to carry out more attacks. While these attacks seem to be focused on hurting government agencies, it is apparent that they have no concern over hurting the populations of these countries as well. With common attacks being on critical infrastructure it is more important than ever to provide proper security training and implement strict security measures.
Here are some of the most well-known cybercrime groups that have been attributed to Russia by various cybersecurity firms and government agencies. It's important to note that attribution can be difficult in the world of cybercrime, and not all of these groups are necessarily associated with the Russian government or operate exclusively from Russia. A few examples:
APT28 (also known as Fancy Bear, Sofacy, and Strontium): This group is believed to be a state-sponsored hacking group associated with the Russian military intelligence agency GRU. APT28 has been active since at least 2007 and has been linked to a wide range of cyber-attacks, including the 2016 hack of the Democratic National Committee in the United States.
Cozy Bear (also known as APT29): This group is another state-sponsored hacking group that is believed to be associated with the Russian Federal Security Service (FSB). Cozy Bear was first identified in 2015 and has been linked to a number of high-profile attacks, including the 2016 hack of the Democratic National Committee.
REvil (also known as Sodinokibi): This is a criminal hacking group that is believed to be based in Russia or other former Soviet countries. REvil is known for its use of ransomware, which it has used to extort money from a wide range of organizations.
Evil Corp: This is another criminal hacking group that is believed to be based in Russia. Evil Corp is known for its use of banking trojans, which it has used to steal millions of dollars from banks and other financial institutions.
SandWorm: This group is believed to be associated with the Russian military intelligence agency GRU. SandWorm has been linked to a number of attacks, including the 2015 attack on Ukraine's power grid.