Allegations that sophisticated Chinese- and North Korean-based criminal groups are targeting Western governments and corporations aren’t new. But a report out today says the leading threat actors come from Russia.
“There is no other hacking community that can boast such a breadth of knowledge, resources, and manpower,” says the report from New York-based IntSights Cyber Intelligence.
“Cybersecurity teams face a daunting challenge when it comes to Russian cybercriminals, especially those working for organizations that may compete with Russian companies. Russian hackers are known for developing cutting-edge malware, exploit kits, and highly technical hacking methods.”
In an interview, report author Andrey Yakovlev, IntSights’ lead Russia threat researcher, said “the Russian government basically turns a blind eye” to internal threat actors that target organizations and corporations outside the Commonwealth of Independent States (CIS), the partnership of 10 post-Soviet republics.
That’s in part because “there is a strong sense of nationalism” among hackers to attack what are perceived to be nations that threaten Russia, particularly the United States and countries in the European Union.
Russian hackers target other countries out of a “sense of patriotism … that you should take it to the enemy.”
In fact, he said, it is common for Russian-based hacking forums to post a notice forbidding discussion of attacks on countries in the CIS.
There’s also a bit of pragmatism, Yakovlev added, because Moscow tries to crack down on domestic hackers. For example, he said, a person who allegedly released Android malware aimed at Russian banks in February was arrested a month later.
Last year a U.S. judge gave a five-year prison sentence to Canadian Karim Baratov for his role in helping Russians hack Yahoo and other Internet email providers.
On the other hand, the report notes apparent toleration for what it calls insider trading forums that deal exclusively with stolen identity-related information on people and government employees within the CIS.
“The level of infiltration threat actors make into private and governmental entities is truly unprecedented,” says the report, “and is not seen in any other country.”
Infiltrated Russian government departments include the ministry of internal affairs, the federal tax service, the federal service of court bailiffs and the pension fund.
Dossiers for sale include domestic and international passport information for individuals, including photos, marriage history, any registered instances of crossing borders, times using internal transportation services, video surveillance in certain cities, instances of all-points bulletins that indicate a criminal being pursued by American or Canadian authorities or any other criminal investigation (including Interpol requests), and real estate information.
Forums that specialize in stolen credit and debit cards focus on using or clearing fraudulently obtained money and various fraud schemes.
A forum called Exploit specializes in offering advice on technical hacking issues such as creating anonymous infrastructure and exfiltrating money from hacked bank accounts with two-factor authentication.
“Cybersecurity teams must remain vigilant as Russian cyber crime continues to increase in both frequency and severity,” the report concludes. “The Russian hacking community’s advanced technical capabilities paired with the government’s apparent apathy toward – or even support for – attacks on foreign entities leave multinational companies as common targets.
“To protect your organization, it is imperative to keep up with Russia’s expansive cyber crime underground and identify threats to your assets, employees, brands, and customers.”