Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Russian Hackers Target European Governments Ahead of Elections: FireEye

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

The targeting, the security firm says, is focused on NATO member states. The activity has increased significantly since mid-2018, and is ongoing. 

The attacks are being carried out by two groups that security companies refer to as APT28 (also known as Pawn Storm, Fancy Bear, Sofacy, Group 74, Sednit, Tsar Team and Strontium) and Sandworm Team (also tracked as TeleBots). 

When announcing the takedown of the “VPNFilter” botnet last year, the US Justice Department referred to the actor behind the botnet as both APT28 and Sandworm. The two, however, are seen as separate groups by security firms, although their activity is related. 

Both cyber-espionage groups, FireEye says in a report shared with SecurityWeek, are sponsored by the Russian state. 

The activity of APT28 and Sandworm Team appears aligned, although each uses different tools and methods. The former employs custom tools and has been observed deploying zero-day exploits, while the latter tends to use publicly available tools. 

In addition to European government organizations, the groups have also targeted media outlets in France and Germany, political opposition groups in Russia, and LGBT organizations with links to Russia, the security firm says. 

Usually, these hackers leverage spear-phishing as the initial method of compromise, to deliver either malicious documents or links to fake login sites, which attempt to steal passwords. The attackers also register domains similar to those that the intended victims are familiar with. 

Advertisement. Scroll to continue reading.

Targets within European governments have received emails that displayed a seemingly genuine sender and which contained links that appeared to direct to real government websites. The emails attempted to trick victims into revealing their credentials to the attackers.

“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” said Benjamin Read, Senior Manager of Cyber Espionage Analysis at FireEye. 

“The link between this activity and the European elections is yet to be confirmed, but the multiple voting systems and political parties involved in the elections creates a broad attack surface for hackers.”

FireEye says they notified targeted organizations after identifying attacks, whenever possible. 

Related: UK, Australia Blame Russia for Bad Rabbit, Other Attacks

Related: FBI Attribution of ‘VPNFilter’ Attack Raises Questions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Madhu Gottumukkala has been named Deputy Director of the cybersecurity agency CISA.

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.