Russia detects Espionage Malware on Government PCs
On the 30th of July, the Russian Federal Security Service (FSB) announced (in Russian) that it had discovered malware on the computer networks of 20 Russian government institutions. The FSB's announcement comes as the United States Democratic Party is struggling to recover from two separate cyber-attacks.
The Democratic National Committee suffered a hack in June, while we recently received reports of a similar attack on the Democratic Congressional Campaign Committee (DCCC) website. DCCC is the group managing presidential candidate Hillary Clinton’s campaign donations. Russian intelligence is the primary suspect in both hacks.
In its announcement, the FSB did not point fingers at anyone. However, announcing the discovery could mean that the FSB is suggesting the NSA hacked back. Recently, reports about cyber-attacks on state-affiliated organizations have been rampant. Most security analysts in Russia are blaming China for these attacks. Therefore, probably no one is looking in the direction of the US, although blaming the US could seem a rush to judgment.
According to the FSB, the malware can intercept internet traffic, take screenshots of PC screens, eavesdrop on voice calls, record keystrokes, and spy on the computers’ users via their cameras and microphones. The malware, delivered to the systems via email attachments, was designed for cyber spying. The FSB found the malware in computer systems at government offices, scientific institutions, and military bases. The federal agency claimed that in each system, the malware was varied for the target it infected.
The espionage malware had a modular design, which means that it loaded the malicious code required to initiate attacks depending on the particulars of the infected system. The code specified the data the malware should steal. Modular design is typical in RATs and backdoor Trojans meant for cyber spying operations carried out by Advanced Persistent Threats (APTs). APT is a term used to describe nations, states, and private cyber espionage groups.
But Russia does not often make such announcements publicly, and the timing of this announcement seems sinister. Political analysts are suggesting that Russia is conveying a message to other nations that it too is a victim of cyber-attacks.
The media has time and time again painted a bad picture of Russia as a country responsible for most cyber-attacks, especially attacks on the USA. The FSB is thus attempting to put across a point: the reality is that all nations, especially those involved in clandestine cyber operations, are both victims and attackers.