Russian government gathers intelligence with malware: report


Malicious software designed to steal sensitive information from businesses and foreign governments is made in Russia and supported by the Russian government, a security research firm reported Tuesday.

The group behind the malicious software, or malware, has been identified as APT28 and has links to a “government sponsor based in Moscow,” Dan McWhorter, FireEye vice president of Threat Intelligence, wrote in a blog post discussing the report. APT28 has been targeting “privileged information related to governments, militaries and security organizations” for at least seven years, he wrote.

Malware and computer viruses have been a problem since the earliest days of the personal computer, but government-sponsored malware is still rare. One of the best-known examples of government malware is Stuxnet, which the US used to attack Iranian nuclear enrichment facilities.

Mikko Hypponen, a security analyst at F-Secure with decades of experience, told CNET in February that government-sponsored malware is unusual and few countries are actively making malware. This isn’t the first time Russia has been accused of using malware to infiltrate foreign governments or businesses for intelligence-gathering. German security firm GData said in February that the Russian government was responsible for the “Uroboros” malware.

The Russian consulate in San Francisco did not return a request for comment.

While FireEye’s malware analysis has provided a view into Russia’s cyber-espionage tactics, it also found no direct evidence of Russia’s involvement. However, the circumstantial evidence is strong, McWhorter said.

The code behind the malware, FireEye said, proved..
