Boing Boing Staging

Two Russia-backed hacker groups target Europe ahead of elections, FireEye reports

Security services firm FireEye says two hacker groups known to be sponsored by the Russian government of Vladimir Putin are waging cyber-attacks currently against European government systems.

FireEye says these internet-based digital attacks are focused on the member states of NATO, the European security alliance that both Putin and Trump disparage.

The two hacking groups are believed to be coordinating their efforts, but they’re using different tools, FireEye reports, adding it noticed a “significant increase” in activity from both groups in mid-2018.

The cyber-espionage campaign is said to be ongoing.

“The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections,” Benjamin Read, FireEye’s senior manager of cyberespionage analysis said Thursday.

NBC News’s Ryan Browne reports that the firm’s findings “are likely to fuel worries over the possibility that Russia may influence upcoming EU elections.”

The company found that two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they’re from a trusted party — in an attempt to obtain government information.

FireEye said European government institutions were sent emails with links to websites that appeared to be authentic, luring a person into changing their password and thus sharing their credentials with hackers.

APT28, more popularly known as Fancy Bear, is believed to be linked to Russian military intelligence agency GRU and has been labeled as one of the malicious actors behind the 2016 Democratic National Convention hack.

Sandworm, meanwhile, has also been tied to Russia, and is believed to have been behind the NotPetya ransomware attacks last year which targeted mainly Ukrainian institutions.

Read the rest here.

Earlier, related tweets:

Exit mobile version