New Research into Russian Malware
There’s some interesting new research about Russian APT malware:
The Russian government has fostered competition among the three agencies, which operate independently from one another, and compete for funds. This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers.
“Every actor or organization under the Russian APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks,” researchers said.
“While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors.”
Researchers say these findings suggest that Russia’s cyber-espionage apparatus is investing a lot of effort into its operational security.
“By avoiding different organizations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations,” researchers said.
This is no different from the US. The NSA malware released by the Shadow Brokers looked nothing like the CIA “Vault 7” malware released by WikiLeaks.
The work was done by Check Point and Intezer Labs. They have a website with an interactive map.
Patriot • October 2, 2019 10:15 PM
Compartmentalization is a good idea in intelligence operations. But the Russians surely have a small cadre of leatherfaced, vodka-swilling fossils left over from the CCCP to oversee the whole operation.
It’s interesting that one does not hear about any of their people running off to a Western capital as a turncoat, and certainly not with 7 terabytes of recently downloaded data under their arm, as Mr. Snowden did. Maybe it happens, but one does not hear about it.