Foreign hackers compromised Russian federal agencies in a digital espionage campaign Russian officials said was unprecedented in scope and sophistication.
The little-noticed report – published this month by Russia’s FSB security service and Rostelecom-Solar, the cybersecurity arm of telecoms company Rostelecom – provides a detailed look at a purportedly state-backed cyber spying operation aimed at the Russian state.
Although the investigation describes the 2020 hacking campaign as “unprecedented”, it provides no indication of who might be behind it.
“Assessing the attackers’ level of preparedness and qualification … we are inclined to refer to this group as cyber mercenaries, pursuing the interests of a foreign state,” the report said, citing the hackers’ “thorough preparation” and intimate knowledge of Russian antivirus firm Kaspersky Lab’s software.
Kaspersky told Reuters it was aware of the report, but had no information to suggest the hackers exploited vulnerabilities in its products.
Government-backed reports about foreign hackers often serve as we-see-you messages to foreign intelligence services. Stefan Soesanto, a researcher at the Centre for Security Studies at the Swiss Federal Institute of Technology in Zurich, said he was struck by how little attention the report garnered in the Russian press.
The Solar-FSB report was published on May 13 and only began attracting notice in information security circles after it was picked up by the cyber-security company Recorded Future’s publication, The Record, a week later.
“If this report was a signalling effort by the Russian government to a Western intelligence service – as many claimed – then it was very subtle,” Soesanto told Reuters.
He said the report appeared to be aimed at a Russian audience, perhaps with the aim of burnishing Solar’s business credentials.
The announcement came as the Kremlin is increasingly under scrutiny in the US and elsewhere – not just over the SolarWinds hack, which Moscow denies carrying out – but also over allegations Russia knowingly harbours ransom-seeking cybercriminals.
The report also mentions hackers used cloud storage facilities of Russia’s leading technology firms, Yandex and Mail.ru, to help exfiltrate data.
Mail.ru said its cloud service was neither compromised nor used to distribute malware during the hacks. Yandex declined comment.