According to a new report by security researchers at F-Secure Labs, hacking groups funded by the Russian government have been a running a large-scale malware campaign that’s hit the likes of NATO and US government institutions.
The new report describes a hacking group called “the Dukes,” outlining how they used a series malware tools to “to steal information by infiltrating computer networks and sending the data back to attackers”. The attacks — which saw hackers use nine different malware tools, each designed to target specific systems — have been occurring for at least seven years, according to F-Secure.
The researchers point to a number of pieces of evidence to link the attacks to the Russian government. They includes Russian-language error messages found in code, attacks occurring within working hours on Moscow time, and a series of targets who appear to be of great interest to the Russian governments, including embassies, parliaments, and ministries of defence — and never the Russian state. The team also points out that various news stories around the world about hacks didn’t stop the group, suggesting they were afforded a level of protection. The report explains:
“Based on our establishment of the group’s primary mission, we believe the main benefactor (or benefactors) of their work is a government. But are the Dukes a team or a department inside a government agency? An external contractor? A criminal gang selling to the highest bidder? A group of tech-savvy patriots? We don’t know.”
Among the targets of the attacks were the Information Center on NATO and EU, the Ministry of Defence of Georgia, the ministries of foreign affairs in both Turkey and Uganda and a series of government institutions and political think tanks in the United States, Europe and Central Asia. The team also speculates to the Verge that recent digital attacks on the White House and State Department may have been orchestrated by the Dukes.
Image by Tischenko Irina/Shutterstock