The Russian government reportedly funded hacking groups and ran a large-scale, seven-year malware campaign targeting U.S. government institutions, NATO, Chechnya and others.

Security researchers found evidence that ties the Russian government to the Duke malware strain and details how it used a set of malware tools for cyberespionage.

In a new report called The Dukes: Seven Years of Russian Espionage, security researchers from F-Secure reveal how the Russian government was behind the hacking group known as The Dukes and used malware to infiltrate computer networks, steal information and send the data back to the attackers. According to the report, hackers used nine malware tools, with each of them designed for specific systems. F-Secure further points out that this large-scale malware campaign has been going on for at least seven years.

"The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making," notes F-Secure.

The hacking group reportedly has an extensive trove of malware tools and over the years it has engaged in large-scale spear-phishing campaigns seemingly twice a year, against hundreds or thousands of recipients related to governmental institutions or affiliated organizations.

"These campaigns utilize a smash-and-grab approach involving a fast but noisy break-in followed by the rapid collection and exfiltration of as much data as possible," F-Secure adds.

If the hackers then discovered that the compromised target had valuable information, they would switch to another malware toolset for a stealthier data breach and long-term intelligence collection.

When it comes to evidence to support these claims, the researchers point to several pieces that make up the puzzle, such as error messages written in Russian and found in code, or the time of the attacks coinciding with working hours on Moscow time. Moreover, a number of targets the Russian government is apparently interested in, such as parliaments, embassies or departments of defense, were targeted in the breaches, but the Russian state was never affected.

F-Secure reached the conclusion that the Russian government was the main supporter of the hacking group, but it remains unclear whether The Dukes are part of a government agency, a third-party contractor, a gang selling its services to whoever pays most, or something else.

The Dukes are reportedly behind the attacks against the Information Center on EU and NATO, the Georgia Ministry of Defense, the ministries of foreign affairs of Turkey and Uganda, as well as several government institutions and political think tanks in the U.S., Central Asia and Europe. Lastly, F-Secure also believes The Dukes could be behind the recent attacks on the State Department and the White House.

This is not the first time that Russia has been tied to cybercrime activity, cyberespionage and the like, but it remains to be seen whether more conclusive evidence will come to the surface.
