(Cyberwar.news) A state-sponsored Russian hacking group named “The Dukes” has been uncovered by cybersecurity researchers, having allegedly conducted attacks against foreign governments and other entities over a seven-year period, the International Business Times (IBT) reported.
In a just-released white paper (PDF), researchers from security firm F-Secure Labs detailed how cyberattacks were launched in support of Russian intelligence operations by using malware to infiltrate computer systems and steal data.
Targets listed in the report include government institutions and think tanks in Europe, Central Asia and the United States, as well as a Georgian NATO branch and Uganda’s Ministry of Foreign Affairs.
F-Secure Labs researcher Artturi Lehtiö, who led the investigation, said the team’s findings all indicate Kremlin complicity.
“The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests,” Lehtiö said. “These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed and what the objectives were. And all the signs point back to Russian state-sponsorship.”
As the white paper noted, The Dukes are a well-financed and technologically proficient group that has been in operation for a number of years.
“The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making,” says an executive summary of the white paper.
“The Dukes primarily target Western governments and related organizations, such as government ministries and agencies, political think tanks, and governmental subcontractors,” the summary continued. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organizations associated with Chechen extremism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”
Specifically, the group is known to “employ a vast arsenal of malware toolsets, which we identify as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, CloudDuke, SeaDuke, HammerDuke, PinchDuke, and GeminiDuke,” said the summary.
“In recent years, the Dukes have engaged in apparently biannual large-scale spear-phishing campaigns against hundreds or even thousands of recipients associated with governmental institutions and affiliated organizations,” it said.
IBT reported that two new variants of malware toolsets were discovered during F-Secure Labs’ research – enough to allow researchers to link The Dukes to the attacks, and to Moscow.
“The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus,” Patrik Maldre, a junior research fellow with the International Center of Defense and Security in Estonia, told IBT. “They shed new light on how heavily Russia has invested in offensive cyber capabilities and demonstrate that those capabilities have become an important component in advancing its strategic interests.”
U.S. intelligence officials have long believed that Moscow uses outside “independent” groups to conduct much of its cyber activity, in order to establish plausible deniability. U.S. intelligence officials also suspect the Chinese government of doing the same thing.
If the F-Secure Labs report is accurate, it would be some of the first concrete evidence that Moscow is officially sponsoring hacking groups to conduct espionage on competitor nations.
The white paper notes that researchers discovered The Dukes first launched cyber assaults against the West in 2009. “[T]he targets of the Dukes group during that year included organizations such as the Ministry of Defense of Georgia and the ministries of foreign affairs of Turkey and Uganda,” the white paper said.
At about the same time, said researchers, The Dukes became interested in NATO and U.S. government operations.