


Report details Russia's sophisticated hacking toolkit

Tim Johnson, McClatchy Washington Bureau on

Published in News & Features

WASHINGTON -- When Hillary Clinton's former campaign chief received a bogus email that an elite Russian hacking unit allegedly sent, he clicked on its infected link, giving the hackers access to 58,000 or so emails.

Such a hack is known as "spearphishing," and it turns out to be only the simplest tool in a sophisticated Russian hacking kit, according to a report issued Wednesday by FireEye, a Milpitas, Calif., cybersecurity company whose experts have been examining the group since 2007.

Other tools include setting up "watering holes" on websites likely to be visited by individuals of interest, infecting the users in the equivalent of a drive-by digital shooting, or finding "zero day" flaws that allow hackers to control every aspect of targeted computers, servers or networks and the material they store.

The techniques are malicious and nearly impossible for nonprofessionals to block.

"They are so capable," FireEye's Jonathan Wrolstad said of the Russian military unit. "In some ways, it may seem futile because they are so skilled. If you block them one way, they are going to look for the next way and the next way until they achieve their goal."

The Russian hackers are linked to the Russian military intelligence service, known as the GRU, and their targets span the globe and parallel the interests of the Russian state, FireEye said.

In late 2014, FireEye dubbed the Russian hacking unit APT28, a name derived from "advanced persistent threat." Other cybersecurity firms have given the unit names like Fancy Bear, Sofacy, Tsar Team and Pawn Storm. All the names refer to the same hacker team.

The FireEye report says APT28 hackers have targeted areas of strategic Russian interest including "the conflict in Syria, NATO-Ukraine relations, the European Union refugee and migrant crisis, the 2016 Olympics and Paralympics Russian athlete doping scandal, public accusations regarding Russian state-sponsored hacking and the 2016 U.S. presidential election."

The 13-page FireEye report is called "APT28: At the Center of the Storm: Russia Strategically Evolves its Cyber Operations."

Targets of APT28 hacks, compiled by FireEye, include government entities or political parties in Germany, Poland, Kyrgyzstan, Ukraine and the United States, the World Anti-Doping Agency, the Organization for Security and Cooperation in Europe and French TV5Monde, as well as active or retired political figures, including former Clinton campaign chief John Podesta and former Secretary of State Colin Powell.

