APT28, Russian Hacker Group Identified in Another Cyberattack
Denmark on Monday alleged that Russian hackers have been targeting the Danish Defense for the past two years. Claus Hjort Frederiksen, the defense minister, denounced Moscow’s “aggressive” behavior following reports of Russian hackers trying to infiltrate the defense ministry’s email accounts.
Denmark says Russia hacked its Defense ministry emails
“This is part of a continuing war from the Russian side in this field, where we are seeing a very aggressive Russia,” Defense Minister Claus Hjort Frederiksen told the Danish news agency Ritzau.
Denmark has revealed that Russia has been trying to target the country’s defense but with limited success. The Centre for Cyber Security (CFCS) published a report revealing that a Russian hacker group gained entry to employee emails in 2015 and 2016. The report was published on Sunday and accused a group of hackers previously tied to the Kremlin of breaking into the emails of defense ministry employees for two years. The hacker group APT28 – previously named by several other intelligence agencies, including the FBI, as the face of the Kremlin – was identified in the report. The report said it was “very likely” that APT28 was behind this.
Frederiksen assured that “the hacked emails don’t contain military secrets,” adding that “it is of course serious.”
“What’s happening is very controlled. It’s not small hacker groups doing it for the fun of it. It’s connected to intelligence agencies or central elements in the Russian government, and holding them off is a constant struggle.”
According to the CFCS report, hackers only managed to gain access to non-classified information. However, the ministry worries that the information mined through these attacks can be used to recruit, blackmail or plan espionage.
The Copenhagen Post said that the report was published a day after a risk assessment from the Danish Defence Intelligence Service (DDIS) that warned Danish soldiers being deployed in Estonia to “be wary of so-called Russian ‘honey traps’.” Today’s news from Denmark is yet another in the series of accusations by intelligence agencies and government officials that Russia is carrying out cyberattacks.
The report is available in Danish. CPH Post has shared the following timeline of Russian cyberattacks against the Danish Defense ministry:
– March-June 2015: A smaller number of phishing emails were sent to specific employees working in the Defence Ministry and Foreign Ministry
– April-June 2015: First attempt to steal login information using a fake login site for the Defence’s email system. Several hundred phishing emails were sent to specific employees working for the Defence Ministry again
– June-October 2015: A small number of phishing emails were sent to specific employees working for the Defence Ministry and Foreign Ministry
– September-October 2015: The second attempt to steal login information was attempted, again using a fake login site. Several hundred phishing emails were sent to specific employees working for the Defence Ministry during this time as well. During the same period, attempts to force entry to Defence email accounts were also discovered
– February-April 2016: Reconnaissance activity against the Defence’s emails and other public authorities’ email systems
– April 2016: Hackers try to force entry into several user accounts for remote access for servers for several Defence IT systems. Should one such server be compromised, the hacker can potentially gain access and control it.
– October 2016: The hacker’s third attempt at stealing login information using a fake login page is attempted and about 1,000 phishing emails were sent to specific employees working for the Defence Ministry again.