Site icon Sophos News

Russian “government hackers” charged with cybercrimes by the US

You’ve probably seen the news that six Russians, allegedly employed by the Russian Main Intelligence Directorate, better known as the GRU, have been charged with cybercrimes by the US Department of Justice (DOJ).
The DOJ alleges that the defendants, all men, “caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States.”
This group and its activities, says the DOJ, have been given a variety of different nicknames by cybersecurity researchers: Sandworm Team, Telebots, Voodoo Bear, and Iron Viking.
Sophos cybersecurity expert Chester Wisniewski had this to say about the US charges:

The indictment of the Russian GRU hackers related to the attacks referred to collectively as “Sandworm” is an interesting development in attempts by Western governments to rein in foreign adversary attacks. Sandworm has operated for more than 10 years and has played nearly every card in the attacker playbook. They are accused of having used spearphishing, document exploits, password stealers, living-off-the-land tools, supply chain hijacking and destructive wipers that have pretended to be ransomware in efforts to create false flags for investigators. They have been a noisy operation and many of us have been expecting this day to come for some time.
Another result of this noisiness is they have popularized sophisticated nation-state level tactics to be copied by everyday criminals. While they did not pioneer all these methods, they certainly perfected them and exposed their usefulness in breaching organizations’ defenses. Considering the accused are members of the Russian military intelligence (GRU) they are unlikely to ever be arrested. Three of the accused were previously indicted for other crimes and these indictments might prove to embolden them rather than curb their behavior.
We’re no safer than we were yesterday, and we need to continue to bolster our defenses to be prepared for Sandworm or any of the garden variety criminals they have inspired. Were they to be arrested, their replacements are already in training and the relentless thirst of nation-states to compromise and interfere with their adversaries goes undeterred.

Simply put, this indictment doesn’t really put an end to anything – it’s a reminder that cybercrime is here to say, and that the techniques developed by one group rarely stay within that group for long.

What to do?

As Chester points out above, cybersecurity isn’t only, or even predominantly, about heading off state-sponsored attacks, for the simple reason that the same attack techniques work no matter who carries them out.
(A ransomware attack that ruins all your files will disrupt your immediate business operations just as abruptly whether the attackers try to blackmail you for $3000 or $3,000,000.)
Here are some tips for defending in the most general way against the sort of techniques listed by the DOJ:

Remember: there’s no such thing as being “too small” or “not important enough” to be targeted or affected by cybercriminals.

“CYBERCROOKS AREN’T INTERESTED IN LITTLE OLD ME”: LEARN WHY THAT’S NOT TRUE

“No one’s too small” section starts at 4:27. Click-and-drag on the soundwaves to fast forward.


Exit mobile version