Fastest News Updates around the World

Russian Intelligence Services Accused of Hacking Data Collection by Polish Counterintelligence


- Advertisement -

Warsaw, April 13 – Poland’s Military Counterintelligence Service (SKW) and CERT cybersecurity group have accused Russian intelligence services of hacking the collection of information from the Foreign Ministry and embassies of various countries in the European Union.
“The Polish group CERT and the Military Counterintelligence Service noticed an espionage campaign related to the actions of the Russian special services. The purpose of the company was to illegally collect information from foreign ministries and diplomatic missions, most of which are located in NATO and European Union countries. ”
It notes that many of the elements of this activity “such as the infrastructure, methods, and tools used are identical in part or in whole to the previously described group activities that Microsoft names NOBELIUM and Mandiant – APT29.
According to the Polish side, the espionage group “is linked, among other things, to a group called SOLARWINDS TOOLS, SUNBURST, ENVYSCOUT, BOOMBOX, as well as many other companies of an intelligence nature.”

- Advertisement -

However, the procedures discovered and described by CERT and SKW differ from previous procedures by using unique programs that have not been publicly flagged before. New tools have been used in parallel and independently of each other or sequentially, replacing older solutions. , whose effectiveness was declining. This made it possible to maintain the continuity of the measures, “says the letter.
It was especially emphasized that at the time of the letter’s publication, “the campaign being conducted by the Russian intelligence group is not only ongoing, but also has the character of development.”
The report says that in all cases observed, a phishing technique was used. E-mails have been sent to some employees of diplomatic missions posing as embassies of European countries. The correspondence contained an invitation to attend a meeting or to collaborate on documents. There was a link in the body of the letter, or in the attached PDF document, purporting to point to the ambassador’s calendar with meeting details or a downloadable file. In fact, the link activated the malware.
Therefore, CERT and SKW recommend that “all entities that may be in the field of interest of this group implement mechanisms aimed at improving the security of the information systems used and increasing the level of attack detection.”
The West has repeatedly accused the Russian Federation of meddling in internal affairs and cyberattacks. Russia denied all accusations, saying that Western countries had not presented any evidence. Moscow has repeatedly stated that it is ready for a dialogue on cybersecurity. China also denied involvement in cyberattacks, describing the accusations as a political farce.

Leave a Reply

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More