Russian Nation-state hackers intensify operations in Syria

According to security experts, Russian nation-state hackers are behind cyber espionage campaigns against opposition groups and NGOs in Syria.

Russia is behind a cyber espionage campaign against Syrian opposition groups and NGOs. The Kremlin wants to conduct a PSYOP to influence sentiment in the country on the humanitarian crisis, as a diversionary action for its military operations in the area.

The Russian hackers target the most active human rights organizations and aid groups in the country, including the Syrian Observatory of Human Rights.

The experts have found many similarities with other operations conducted by Russian nation-state actors, for example those that operated during the Ukrainian crisis.

Hackers used malware to compromise the targeted organizations and spread disinformation from victims’ official accounts.


Security experts at FireEye have collected evidence of the activity of Russian nation-state hackers against Syrian organizations. Richard Turner, head of Middle East and Europe at FireEye, revealed that the hacking activity of Russian entities had been intensifying since the start of the year.

“APT 28 and other Russian groups are now really focusing their attention on the collection of data on Syrian groups, particularly those focused on human rights and the monitoring of Russian military activity,” explained Turner. “It’s a very significant operation.” “Clearly this is to enable them to respond politically . . . to target [the groups] for information warfare and to have an impact on the conflict itself.”

The Financial Times reported a discussion with two senior intelligence officials, who maintain that the Russian FSB is involved in the espionage campaign.

“Details of the Syrian campaign were discussed with two senior intelligence officials, one from Europe and one from a country neighbouring Syria. The operation was large in scale and systematic in nature, one of them said, speaking on condition of anonymity, adding that the campaign was directed by the FSB, Russia’s state security agency.” states a blog post on the Financial Times.

According to the intelligence experts, Russian hackers are also targeting organisations in Turkey managing information related to the involvement of the Turkish government in the conflict in Syria. Russian hackers are collecting any kind of information on the Turkish Government due to the worsening of the relationship between the two countries.

Western intelligence fears the evolution of events in Syria; Western politicians believe that Russia is involved in the fight against Isis in the country to support Bashar al-Assad’s Government against dissidents. Many organizations are accusing the Russian forces in the area of attacks against civilians and opponents of the regime.

The experts at FireEye discovered that the hackers launched a spear-phishing campaign against their targets and also used replicas of legitimate organisations’ websites to track visitors and identify opponents of the Regime.

“It could be for two reasons,” said Jens Monrad, global intelligence liaison at FireEye. “One is to send out false information from those groups, or they could be using their credentials as stepping stones to go on and target other individuals or organisations. It all fits with Russia’s traditional information warfare doctrine.”

Pierluigi Paganini

Security Affairs –  (APT28, cyber espionage)

