Russian cyber-attack spree shows what unrestrained internet warfare looks like

 

The Sandworm team of Russian military intelligence, alleged to have unleashed computer chaos against the Kremlin’s enemies around the world, is said to operate out of a blue-tinted glass skyscraper known simply as “the tower”.

From that address, 22 Kirova Street in the Moscow suburb of Khimki, the Sandworm hackers, also known more prosaically as unit 74455 and “the main centre for special technologies”, launched attacks on the Ukrainian power system, Emmanuel Macron’s presidential bid in France in 2017, the South Korean Olympics in 2018 and the UK investigation into the 2018 Russian nerve agent attack in Salisbury.

According to cyber security experts, the same unit was involved in the hacking of the Democratic National Committee and Hillary Clinton’s election campaign in 2016, disguised as a hacktivist group dubbed Fancy Bear.


On Monday, US and UK authorities accused the unit of planning a cyber attack on the 2020 Olympics and Paralympics in Tokyo.

They did not just cause confusion and inconvenience. Quite apart from their alleged role in the rise of Donald Trump, they are accused of depriving hundreds of thousands of Ukrainians of light and heat in the middle of winter, and closing down the computer systems of a major Pennsylvania hospital. Their exploits are a foretaste of what unconstrained cyber warfare might look like in the real world.

The US indictment of six Sandworm operatives, all GRU military intelligence officers, gives a detailed account of how they went about their business.

Assistant Attorney General for the National Security Division John Demers, center, accompanied by FBI Deputy Director David Bowdich, left, and FBI Special Agent in Charge of the Pittsburgh field office Michael Christman, right, speaks at a news conference at the Department of Justice, October 19, 2020, in Washington, DC. - Six Russian military intelligence officers have been charged with carrying out cyberattacks on Ukraine's power grid, the 2017 French elections and the 2018 Winter Olympics, the US Justice Department announced on October 19, 2020. (Photo by Andrew Harnik / POOL / AFP) (Photo by ANDREW HARNIK/POOL/AFP via Getty Images)

In preparation for the attack on the Olympics they studied the tactics and style of their North Korean counterparts, the Lazarus group, so they could mimic them and throw suspicion on Pyongyang.



When the UK’s Defence Science and Technology Laboratory and the Organisation for the Prohibition of Chemical Weapons in the Hague started to investigate the Novichok nerve agent attack on a KGB defector Sergei Skripal and his daughter Yulia in March 2018, the Sandworm hackers sent out spearphishing emails to investigators in both organisations purporting to come from known German and British journalists.

To increase the chances that at least some of the recipients would click on the malware-laced links, the “journalist” claimed to have information relevant to the investigation.


The indictment is based on lengthy investigations by FBI analysts in cooperation with Google, Cisco, Facebook and Twitter, as well as with allied intelligence agencies, most importantly those from the Five Eyes alliance of the US, UK, Canada, Australia and New Zealand.

According to the indictment, the investigators were able to keep such a close watch on the hackers that they caught one of them, named as Anatoliy Kovalev, doing a bit of moonlighting, spearphishing Russian real estate companies and car dealers, as well as cryptocurrency exchanges abroad, apparently for private profit.

Thomas Rid, the professor of strategic studies at Johns Hopkins University and author of Active Measures, a book published this year on disinformation operations, said the level of detail in the indictment reflects the degree to which the GRU team’s own networks were infiltrated.

A poster showing six wanted Russian military intelligence officers is displayed as Assistant Attorney General for the National Security Division John Demers, left, accompanied by FBI Deputy Director David Bowdich, second from right, and FBI Special Agent in Charge of the Pittsburgh field office Michael Christman, right, speaks during a news conference at the Department of Justice, October 19, 2020, in Washington, DC. - Six Russian military intelligence officers have been charged with carrying out cyberattacks on Ukraine's power grid, the 2017 French elections and the 2018 Winter Olympics, the US Justice Department announced on October 19, 2020. (Photo by Andrew Harnik / POOL / AFP) (Photo by ANDREW HARNIK/POOL/AFP via Getty Images)

“Today’s GRU indictment is an incredible document,” Rid wrote on Twitter. “The Five Eyes intelligence communities, I would suspect, must have stunning visibility into Russian military intelligence operations if today’s disclosures are considered dispensable.”

For all the efforts unit 74455 took to cover its tracks, they seem to have been remarkably sloppy in other ways.


According to Aric Toler of the Bellingcat investigative journalism team, three of the six accused registered their cars to the same address, which is also linked to the Sandworm unit.

“If you search for all of the people registering their cars to this address, you get 47 results – all probably GRU hackers,” Toler said.

Source https://www.msn.com/en-gb/news/spotlight/russian-cyber-attack-spree-shows-what-unrestrained-internet-warfare-looks-like/ar-BB1abMez?ocid=msedgdhp
