A well-resourced Russian hacking group called “Dukes” has spent nearly a decade conducting cyber-espionage attacks against Western governments on behalf of the Kremlin, Finnish security company F-Secure has claimed.
The accusation against the Russian government comes after a previous report suggested that Kremlin-backed hackers breached networks of US government and defence industry computer systems.
F-Secure outlined its allegations in a whitepaper released today called The Dukes: Seven Years of Cyber Espionage, after publishing an analysis of the group’s method in July.
The new document claims that the group has propagated malware to underpin its cyber attacks against specific targets, enabling it to collect intelligence which was then used by the Russian government in support of foreign and security policy decision-making.
“All of the available evidence… does in our opinion suggest that the group operates on behalf of the Russian Federation. Further, we are currently unaware of any evidence disproving this theory,” claims the F-Secure Labs threat intelligence white paper.
The main targets for the “highly dedicated and organised cyber-espionage group” are thought to be Western governments and related organisations, such as government ministries, think-tanks and governmental sub-contractors, all of which have been targeted by the group since at least 2009.
Other targets of the Dukes hacking group include members of the Commonwealth of Independent States other than Russia, as well as Asian, African, and Middle Eastern governments.
Organisations associated with Chechen terrorism and Russian speakers engaged in the illegal drugs trade and the smuggling of other controlled substances have also been targets. The Chechen connection, in particular, further solidifies the suspicions that the attacks have been carried out in the interests of the Russian government.
Techniques used by Dukes include spear-phishing campaigns against specific targets associated with governments and affiliated organisations, along with the deployment of a large malware toolset, which focuses on persistent compromise of targets and long-term cyber espionage for intelligence gathering.
The Dukes' operations are considered so advanced and so valuable that the group modifies its tools to evade detection and, when a tool is discovered, does not cease operations but instead alters its attack tooling in a bid to continue its espionage activities.
However, according to Artturi Lehtiö, F-Secure’s researcher heading the investigation, Dukes left behind enough evidence to suggest that they’re carrying out the campaign on behalf of Russian state interests.
“The research details the connections between the malware and the tactics used in these attacks to what we understand to be Russian resources and interests,” he said.
“These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed and what the objectives were. And all the signs point back to Russian state-sponsorship,” Lehtiö added.
According to Patrik Maldre, a junior research fellow with the International Centre for Defence and Security in Estonia, the research into the Dukes activity will enable security experts to properly monitor the nature of the attacks and work on methods to protect against them.
“The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus,” said Maldre.
“They shed new light on how heavily Russia has invested in offensive cyber capabilities and demonstrate that those capabilities have become an important component in advancing its strategic interests,” he continued.
Maldre argued that collaboration is key to combating state-sponsored cyber-espionage campaigns.
“By linking together seven years of individual attacks against Georgia, Europe and the US, the report confirms the need for current and prospective NATO members to strengthen their collective security,” he said, “by increasing cyber cooperation in order to avoid becoming victims of Russian information warfare, espionage and subterfuge.”
Russia has become increasingly assertive on the world stage since Vladimir Putin took over as president from Boris Yeltsin in the late 1990s, including during the period when he was obliged to stand down after serving two consecutive terms.
After Putin returned to high office in May 2012, his assertive foreign policy culminated in the seizure of Crimea from neighbouring Ukraine last year, and of chunks of eastern Ukraine by rebels financed and supplied by the Russian government earlier this year.