A group known as APT28 has been collecting information from defence and political intelligence targets in Eastern European and European security organisations.
According to FireEye, all of these areas are of particular interest to the Russian Government and it suspected that the group may be sponsored by the Russian Government.
“Despite rumours of the Russian Government’s alleged involvement in high-profile Government and military cyber attacks, there has been little hard evidence of any link to cyber espionage,” said Dan McWhorter, FireEye VP of threat intelligence. “FireEye’s latest advance persistent threat report sheds light on cyber espionage operations that we assess to be most likely sponsored by the Russian Government, long believed to be a leader among major nations in performing sophisticated network attacks.”
The FireEye report offers details that likely link APT28 — a threat group whose malware is already fairly well-known in the cyber security community — with a Government sponsor based in Moscow, exposing long-standing, focused operations that indicate Government backing.