Beware of emails with monkey videos, cyber watchdog says

That monkey video in your email inbox might be funny to look at, but it also probably means you’re being hacked by Russians.

Researchers have discovered a new hacking group called the “Dukes” that appears to be backed by the Russian government. One of their tactics involves displaying monkey videos to trick victims into downloading malware.

“The Dukes are a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision-making,” the Finland-based cybersecurity firm F-Secure reported last week.

The group was first identified hacking Chechen targets in 2008 and has since added targets such as Ukraine, Austria, the U.S., NATO, and even Russian drug dealers. F-Secure said the group generally works inside Moscow’s standard business hours, 9 a.m. to 7 p.m. weekdays, and initiates attacks by sending phishing e-mails to its victims.

Unlike other sophisticated phishing attacks that typically use personalized e-mails that contain information relevant to their victims, F-Secure reported, many of the e-mails sent by the Dukes were made to look like spam.

“The contents of these decoys range from non-targeted material such as videos of television commercials showing monkeys at an office, to highly targeted documents with content directly relevant to the intended recipient such as reports, invitations, or lists of participants to an event,” the report stated.

Specifically, the hackers used a 2007 Super Bowl commercial for a job-seeking website that showed monkeys in an office. Victims who attempted to watch the commercial downloaded malware in the process.

“The Dukes appear to prioritize the continuation of their operations over stealth,” the researchers said, noting that they often continued operations “even after their activity had been outed by multiple security vendors.”


“This apparent disregard for publicity suggests, in our opinion, that the benefactors of the Dukes are so powerful and so tightly connected to the group that the Dukes are able to operate with no apparent fear of repercussions,” the authors continued. “All of the available evidence … in our opinion suggests that the group operates on behalf of the Russian Federation.”

Even after their techniques were analyzed by cybersecurity firms and published in media outlets last year, the researchers added, they continued to use the same phishing techniques without any variations. “It underlines their boldness, arrogance and self-confidence; they are clearly confident in both their ability to compromise their targets even when their tools and techniques are already publicly known, and critically, they appear to be extremely confident in their ability to act with impunity,” they wrote.

F-Secure researcher Artturi Lehtiö expanded on the report in comments to the DailyDot. “They only appear to be getting bolder and more brazen in their activities,” Lehtiö said. “I think the fact that they’ve been operating non-stop for at least seven years is testament to the value the Dukes are generating for their benefactors.”

State-backed hacking groups are common in China. Even without an official cyber command, the country leads the world in attacks through organizations backed by the People’s Liberation Army. Russia’s Ministry of Defense, meanwhile, has been developing a cyber command to rival its counterpart in the U.S., making its continued clandestine operations particularly notable.
