A joint research from Intezer and Check Point Research shed light on Russian hacking ecosystem and reveals connections between nearly 2,000 malware samples developed by Russian APT groups.
The report is extremely interesting because gives to the analysts an overview of the Russian hacking community and their operations.
The experts also published an interactive map that gives a full overview of this Russian hacking ecosystem.
Since the first publicly known attacks by Moonlight Maze, in 1996, many Russian hacking groups have emerged in the threat landscape, their operations involved highly sophisticated malware and hacking techniques.
“Russia is known to conduct a wide range of cyber espionage and sabotage operations for the last three decades. Beginning with the first publicly known attacks by Moonlight Maze, in 1996, the Pentagon breach in 2008, Blacking out Kyiv in 2016, hacking the United States elections in 2016, and including some of the largest, most infamous
“This led us to gather, classify, and analyze thousands of Russian APT malware samples in order to find connections not only between samples, but also between different families and actors.”
The Russian hacking ecosystem characterized by Russian APT groups is very complex, security firms have collected a huge quantity of information related to single threat actors, but not of them provided a global picture of the ecosystem.
Give a look at the “Russian APT Map,” that illustrates the connections between different Russian APT malware samples, malware families, and threat actors.
Experts analyzed approximately 2,000 samples that were attributed to Russian APT groups, the researchers found 22,000 connections between the samples, in addition to 3.85 million non-unique pieces of code that were shared. The study classified the samples into 60 families and 200 different modules.
“Every actor or organization under the
“These findings may suggest that Russia is investing a lot of effort into its operational security. By avoiding different organizations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations.”
Experts also released a signature-based tool to scan dubbed Russian APT Detector a host or a file against the most commonly re-used pieces of code used by the Russian APT groups in their ope
Enjoy the report!