Cybersecurity researchers have uncovered a state-sponsored Russian hacking group named "The Dukes" that has allegedly carried out attacks against foreign governments and organisations over a seven-year period. A new report, published by Finland-based F-Secure Labs, details how cyberattacks were launched to support Russian intelligence gathering by using malware to infiltrate computer networks and steal information.
Foreign targets listed in the report include government institutions and political think tanks in the US, Europe and Central Asia, as well as a Georgian Nato branch and Uganda's Ministry of Foreign Affairs. Artturi Lethio, the F-Secure researcher leading the investigation, claims the report's findings all point to a Kremlin-backed campaign.
"The research details the connections between the malware and tactics used in these attacks to what we understand to be Russian resources and interests," Lethio said. "These connections provide evidence that helps establish where the attacks originated from, what they were after, how they were executed and what the objectives were. And all the signs point back to Russian state-sponsorship."
Two new variants of malware toolsets were found in the research, which were enough to allow the researchers to link The Dukes group with the attacks. IBTimes UK contacted the Kremlin for a comment on the report but did not receive a response at the time of publication.
"The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus," said Patrik Maldre, a junior research fellow with the International Centre of Defence and Security in Estonia. "They shed new light on how heavily Russia has invested in offensive cyber capabilities and demonstrate that those capabilities have become an important component in advancing its strategic interests."
Maldre called for Nato members to strengthen collective security and to increase collaboration in order to defend against Russian cyberattack campaigns, especially for smaller nations that are most vulnerable to espionage.
According to the program director for the Global Security research program at the Finnish Institute of International Affairs, Nordic and Baltic nations that traditionally tend to balance Russian and Western interests are most at risk from this type of widespread malware campaign. Mika Aaltola said that Russia was using its cyberattack capabilities against countries like Sweden and Finland to "tip the balance in its favour".
"Attributing cyberattacks is notoriously challenging," Aaltola said. "Russia [is able to] deny its activities in this space and exert influence in much softer, much less visible ways."