Categories: Cyber CrimeSecurity

Russian government wants to strengthen its cyber defense,what’s new?

Russian President Vladimir Putin is considered one of the political figures most attentive to the development of a suitable cyber strategy to protect his countries from cyber attacks. Putin is an intelligent man who has always understood the strategic importance of cyberspace, according many experts he has always invested in the development of cyber capabilities, foreign intelligence is sure that he controls one of the most dangerous group of hackers employed in the persecution of dissidents in the past years and in cyber attacks against political opponents.

The recent revelation of Red October cyber espionage campaign have alerted governments all around the world, the same Putin has ordered to the authorities to increase the level of protection of government cyber assets from possible cyber attacks, the concerns have increased after the revelation of Kaspersky security firms that has verified that the global cyber espionage campaign has also infiltrated government and embassy computers across the former Soviet bloc.

The Russian Federation is one of the most hit region by the phishing attacks with cyber espionage intent, who is behind the attack is a mystery, some experts are sure the operation has been organized by the cyber criminal organization Russian Business Network (RBN) but many other professional that the campaign there is the support of governments.

On January 15th Vladimir Putin approved a decree that assign full powers to Federal Security Service (FSB) to “create a state system for the detection, prevention and liquidation of the effects of computer attacks on the information resources of the Russian Federation“.

Russian authorities are so thinking to an automated defense system able to mitigate incoming cyber attacks against Russian web resources inside the country and also abroad.

Critical infrastructures, diplomatic offices and intelligence structures must be protected from any kind of attacks, diplomatic activities are most impacted by the cyber espionage and the possible consequences for data breaches are serious.

FSB neither the Kremlin have provided further details on the government program to reinforce the security of the cyber space.

The situation is very complex and hard to decipher, I’ve tried to understand who could benefit from this situation.  Cyber criminals organizations could be really interested to the information stolen to resell to best offers, but it is not so easy. The complexity of the attack, the long period it was able to remain uncovered and the nature of targets let me think that there is a government commitment. These guys have built an impressive network to steal governments information and not banking credentials or any other financial data, we are not facing with a classic scam.

Despite cyber criminal organizations are increasing the sophistication level of their attacks if we situate temporally the start of the massive campaign it’s hard to believe that the entire operation is not state sponsored.

The crime has different dynamics, typically criminal structures need money to finance their operations, exactly as any other businesses, in this case the attackers has decided to postpone their earns to as an uncertain and risky future, how is possible?

The reality in my opinion is that the attackers have always worked for a government, or maybe are themselves member of some dedicated cyber unit.

Another element that appears strange, if RBN is responsible for the attacks why it is back to the origins? The group mysteriously disappeared in 2007 but the efficient Russian authorities never captures its exponents. The organization moved operations to China, Taiwan, Hong Kong and also in UK and US. Could be Russian government exponents involved?

And what do you think if per impossible, the Russian government was involved, at least a part of it infiltrated by organized crime? In this case the response of central authorities could represents a clear act of force to protect its heritage of information.

By whom and why Putin wants to defend its infrastructures unlike what was done until now, and who is the recipient of messages sent with the signing of the decree?

It’s known that Kaspersky is one of the most active company in cyber security and has already worked in the past with Russian Government in the fight to cybercrime, why it has decided to make public the news instead to try to track back the criminal in silence securing Russian agencies?

The hypothesis are different and and imaginative, I’m reading everything on the web, people that blame Chinese Government and other that consider security firms subservient to governments, the unique certainty is that similar campaign are arranged by structured organizations which over the years are able to follow the technological evolutions hiding their activities, difficult to think that similar organizations are able to work independently maintaining their identities over  time, improving their capabilities and eluding world wide security specialists … where is the truth?

Pierluigi Paganini

(Security Affairs – Russia)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

DPRK-linked BlueNoroff used macOS malware with novel persistence

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new…

4 hours ago

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue…

13 hours ago

Critical bug in Cisco UWRB access points allows attackers to run commands as root

Cisco fixed a critical flaw in URWB access points, allowing attackers to run root commands,…

14 hours ago

INTERPOL: Operation Synergia II disrupted +22,000 malicious IPs

A global law enforcement operation called Operation Synergia II dismantled over 22,000 malicious IPs linked…

22 hours ago

Memorial Hospital and Manor suffered a ransomware attack

Georgia, a ransomware attack disrupted Memorial Hospital and Manor’s access to its Electronic Health Record…

24 hours ago

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users

South Korea fined Meta $15.67M for illegally collecting and sharing Facebook users' sensitive data, including…

1 day ago

This website uses cookies.