FireEye Releases Report on Cyber Espionage Group With Possible Ties to Russian Government
FireEye research, analysis exposes long-standing operations by APT28 targeting government, military, and security groups of interest to Russia
FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today released a comprehensive intelligence report assessing that an advanced persistent threat (APT) group may be sponsored by the Russian government.
The report – APT28: A Window into Russia’s Cyber Espionage Operations? – details the work of a team of skilled Russian developers and operators, designated by FireEye as APT28, that has been interested in collecting information from defense and geopolitical intelligence targets including the Republic of Georgia, Eastern European governments and militaries, and European security organizations, all areas of particular interest to the Russian government.
“Despite rumors of the Russian government’s alleged involvement in high-profile government and military cyber attacks, there has been little hard evidence of any link to cyber espionage,” said Dan McWhorter, FireEye VP of Threat Intelligence. “FireEye’s latest advanced persistent threat report sheds light on cyber espionage operations that we assess to be most likely sponsored by the Russian government, long believed to be a leader among major nations in performing sophisticated network attacks.”
This FireEye report offers details that likely link APT28, a threat group whose malware is already fairly well-known in the cybersecurity community, with a government sponsor based in Moscow, exposing long-standing, focused operations that indicate government backing.
Unlike the China-based threat actors tracked by FireEye, APT28 does not appear to conduct widespread intellectual property theft for economic gain, but instead is focused on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting insider information related to governments, militaries, and security organizations that would likely benefit the Russian government.
The report includes malware samples compiled by FireEye that indicate that the developers are Russian language speakers who are operating during business hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.
FireEye experts also found that APT28 has systematically evolved its malware since 2007, using flexible and lasting platforms indicative of plans for long-term use and sophisticated coding practices that suggest an interest in complicating reverse engineering efforts.
In addition to the report, FireEye is releasing indicators that can be downloaded at https://github.com/fireeye/iocs.
The full report, including examples of APT28 targeted attacks and malware indicators, can be accessed at /content/dam/legacy/resources/pdfs/apt28.pdf.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,500 customers across 65 countries, including over 150 of the Fortune 500.
Vitor De Souza
© 2014 FireEye, Inc. All rights reserved. FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.