Report: Russian Government in on Hacking Schemes

Tuesday, 28 October 2014 12:49 PM EDT

For the past seven years, websites used by NATO, Eastern European and Caucasus governments, and U.S. contractors with highly sensitive top-secret information have been leaking like a sieve, right into the Kremlin's spymasters' hands.

In a shocking report from FireEye Inc., a California security firm with top government connections, as well as three other reports, the existence of a Russian-based hacker group, which appears to be a joint effort by the Russian government and the Russian Mafia, has been revealed, The Wall Street Journal reports.

Terming the hackers "Sofacy" or "APT28," the computer anti-hacking firm's report, called "A Window Into Russia's Cyber Espionage Operations," notes, "We assess that APT28's work is sponsored by the Russian government," and states that the effort is more technically sophisticated than the Chinese hacking efforts earlier detected and exposed by FireEye.

"I worry a lot more about the Russians" than about China, James Clapper, director of national intelligence, said at a University of Texas forum, the Journal reports.

The malware used to invade top-secret computers is so sophisticated that it can even penetrate USB thumb drives used by workers to retain data when government computers are shut down to protect against hack attacks, and it is continually upgraded and improved, the Journal reports.

The attacks detected by FireEye came from computer programs based on the Russian language and were operated during normal Russian working hours, Monday through Friday, in St. Petersburg and Moscow, using malware programs called "Sourface," "Eviltoss," and "Chopstick."

The hackers have spied on journalists, attendees at military meetings, governments in Georgia, Eastern and Western European countries, and even the security firm Blackwater, when it was thought to be sending troops to aid the Ukrainian government, according to the Journal. Blackwater, now known as Academi LLC, has denied this.

Other hacker targets are believed to be the Norwegian military, the Mexican government, the Pakistani navy, the Chilean military, the World Bank, and a special operations forces exhibition in Jordan.

"APT28 targets insider information related to governments, militaries, and security organizations that would likely benefit the Russian government," the report concludes.

"The activity that we profile in this paper appears to be the work of a skilled team of developers and operators collecting intelligence on defense and geopolitical issues — intelligence that would only be useful to a government.

"We believe that this is an Advanced Persistent Threat (APT) group engaged in espionage against political and military targets including the country of Georgia, Eastern European governments and militaries, and European security organizations since at least 2007," the FireEye report concludes.

While the report names no specific agency of the Russian government, "what we do have is evidence of long-standing, focused operations that indicate a government sponsor — specifically, a government based in Moscow," it states.

The Journal reports that two other computer security firms, Crowdstrike Inc., and iSight Partners Inc., which work with U.S. authorities, have termed the hackers "Fancy Bear" and "Tsar Team," and confirm the names indicate Russian origin of the hacker attacks.

Laura Galante, FireEye manager and one-time Department of Defense Russian analyst, told the Journal, "Who else benefits from this? It just looks so much like something that comes from Russia that we can't avoid the conclusion."

"These are state-grade [hacking] weapons."

© 2025 Newsmax. All rights reserved.

