New Research into Russian Malware

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/10/new_research_in_1.html

There’s some interesting new research about Russian APT malware:

The Russian government has fostered competition among the three agencies, which operate independently from one another, and compete for funds. This, in turn, has resulted in each group developing and hoarding its tools, rather than sharing toolkits with their counterparts, a common sight among Chinese and North Korean state-sponsored hackers.

“Every actor or organization under the Russain APT umbrella has its own dedicated malware development teams, working for years in parallel on similar malware toolkits and frameworks,” researchers said.

“While each actor does reuse its code in different operations and between different malware families, there is no single tool, library or framework that is shared between different actors.”

Researchers say these findings suggest that Russia’s cyber-espionage apparatus is investing a lot of effort into its operational security.

“By avoiding different organizations re-using the same tools on a wide range of targets, they overcome the risk that one compromised operation will expose other active operations,” researchers said.

This is no different from the US. The NSA malware released by the Shadow Brokers looked nothing like the CIA “Vault 7” malware released by WikiLeaks.

The work was done by Check Point and Intezer Labs. They have a website with an interactive map.