7-Year Malware-Laced Cyberespionage Is Backed by the Russian Government : Report

Cybersecurity researchers at Finnish security firm F-Secure Labs have uncovered a significant state-sponsored Russian hacking group simply known as “The Dukes.” The hacking group is responsible for targeting foreign think-tanks, governments, and other targets, according to a report issued by the security firm today.

Security researchers allege that a Russian hacking outfit called “the Dukes” have been actively operating since 2008 and has become a significant developer of zero-day attacks. In a report published by F-Secure today, researchers describe “the Dukes” as a “well-resourced, highly dedicated and organized cyber espionage group.” The report can be found here.

A quick look into some of the targets are: members of the Commonwealth; Asian, Middle-Eastern and African Governments; organizations related to Chechen separatists; Russian-speakers involved in the drug trade; a Georgian NATO branch, political think tanks in Asia, Africa and more.

While most of the attacks involved spear phishing campaigns targeting government offices and personnel, F-Secure revealed that one of the hacking group’s attacks included the use of a malicious Tor exit node in Russia.

If true, this would have had serious privacy implications in the highly anonymized Tor network. F-Secure claims that “Dukes” targeted users of the anonymizing network. The hacking group is alleged to inject malware into user downloads.

Dukes is alleged to use spear-phishing campaigns along with an extensive malware toolkit at the same time to be sure of the ‘persistent compromise of targets’ while ensuring long-term cyber-espionage channels.

Such was the advanced means to be relentless in its intelligence gathering and evasive measures (at the same time) that Dukes routinely modified its already functioning attack tools to evade detection. If the tool were discovered, Dukes would alter its attack tools rather than abandon its espionage activities, according to the researchers.

A Real Case of State-Sponsored Cyberespionage?

Despite the sophistication involved in the attack tools employed by Dukes, F-Secure’s lead researcher into the investigation – Artturi Lehtiö claims that the hacking outfit has left a trace of evidence to suggest that it was acting on behalf of the Russian state.

“The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests,” claims Lehtiö.

“These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed and what the objectives were. And all the signs point back to Russian state-sponsorship,” he added.

“All of the available evidence… does in our opinion suggest that the group operates on behalf of the Russian Federation. Further, we are currently unaware of any evidence disproving this theory,” was the substantial claim made by the F-Secure paper.

The entire report is available for download here.