The Russian government has been accused of conducting electronic espionage around the world according to multiple reports which state that “for months this summer, unidentified hackers used a previously unknown hole in Microsoft Corp.’s Windows operating system.”
The hacking group, called APT28, may have been operating for over a decade, and has attacked governments in Georgia and Eastern Europe. Visible targets include: NATO, Ukrainian government organizations, Western European government organizations, Energy Sector firms (specifically in Poland,) European telecommunications firms, United States academic organizations, according to a blog post by iSight Partners, one of the research firms. The hacking campaign, called “Sandworm,” may have started in 2009. The blog post says that “the NATO alliance was targeted as early as December 2013 with exploits other than the zero-day.”
Wired explains that “it appears Sandworm is focused on nabbing documents and emails containing intelligence and diplomatic information about Ukraine, Russia and other topics of importance in the region. But it also attempts to steal SSL keys and code-signing certificates, which iSight says the attackers probably use to further their campaign and breach other systems.”
FireEye, another firm that researched this hacking group, says “APT28 tailors implants for specific victim environments. They steal data by configuring their implants to send data out of the network using a victim network’s mail server.”
Russian hackers also may have breached the unclassified computer networks at the White House, which resulted in temporary disruptions to some services. There is no evidence that the classified network was breached, White House officials said to the Washington Post.
The security firms conducting the research suspect that the Russian government is involved in the breaches, but they have not made a conclusive statement. The New York Times says that “the report does not cite any direct evidence of Russian government involvement, such as a web server address or the individuals behind the attack, nor does it name the Russian agency responsible. The researchers have made the government connection because the malicious software used in the incidents was written during Moscow and St. Petersburg working hours on computers that use Russian language settings and because the targets closely align with Russian intelligence interests.” Research firms believe the Russian government is involved in the attacks because the targets were of interest to Russia’s government, and APT28 has flexible and sophisticated hacking resources that indicate a government sponsor.
US government agencies have to worry about cyber threats from within the country, and from foreign nations. EiQ’s SecureVue Advanced Security Intelligence Platform can help government agencies continuously monitor their systems 24/7. SecureVue also automates many aspects of regulation, and includes log management to Centralize, encrypt, normalize and categorize all security-related logs & events in support of key compliance standards. SecureVue is unique in that a single platform can provide capabilities to all network devices, servers, and applications without the need to deploy a client or agent. SecureVue is customizable and comes with 50+ dashboards that allow users to easily visualize the risk and operation picture of the network.