A hacking team that Ukraine says is controlled by Russian intelligence has targeted a wide range of organisations in the country, including a “western government entity”, according to cybersecurity research published on Thursday and Friday.
The US and other allies have sent military advisers and cybersecurity experts to Ukraine in recent months to help defend against Russian forces, now massed on the neighbouring country's borders.
In a report issued on Friday, Microsoft Corp said a group called “Gameredon” had tried to obtain sensitive information from a wide range of military, governmental and non-governmental organisations in Ukraine since last October.
The report included a screen shot of one such attempt, which showed an email, embedded with malicious code, disguised as an official update on the Covid-19 pandemic from the World Health Organisation (WHO).
On Thursday, cybersecurity company Palo Alto Networks Inc said in its report that Gamaredon attacked a western government entity in Ukraine in January. The report did not name the entity, and a company representative declined to comment further.
Palo Alto Networks said it was able to track the Russian hacking mission by analysing a maze of different malicious Web domains designed to infect Ukrainian computers with malware.
Russia has amassed more than 100,000 troops along the border with Ukraine, prompting fears of war. Although denying it plans an invasion, Russia is demanding sweeping security guarantees including a promise that Nato never admit Ukraine.
In November, Ukrainian security services publicly attributed Gamaredon to a team of Russian Federal Security Service officers based in Crimea. The Russian embassy in Washington did not immediately reply to a request for comment about Gameredon.
“They were officers of the Crimean FSB, as well as traitors who sided with the enemy during the occupation of the peninsula in 2014,” Ukraine’s security service said. Also known as Primitive Bear by security researchers, Gamaredon is one of the most “active existing advanced persistent threats targeting Ukraine”, the Palo Alto report said in a statement.
“Given the steps and precision delivery involved in this campaign, it appears this may have been a specific, deliberate attempt” to target a “western government organisation,” a Palo Alto Networks spokesperson said.
Russia could use cyberattacks as part of its efforts to destabilise and further invade Ukraine, White House cyber official Anne Neuberger said on Wednesday, during a visit to her European counterparts.
Neuberger’s visit came just weeks after a different cyberattack against Ukrainian government websites left a warning to visitors:“be afraid and expect the worst.”