UPDATED 13:11 EDT / SEPTEMBER 23 2022

SECURITY

Google’s Mandiant finds evidence of Russia coordinating with hackers

Google LLC’s Mandiant subsidiary has found evidence indicating that Russia’s military intelligence agency, the GRU, is coordinating with three pro-Russian hacktivist groups.

The Wall Street Journal reported the discovery today. 

Mandiant became part of Google through a $5.4 billion acquisition that closed earlier this month. It provides cybersecurity services that help companies respond to data breaches in their corporate networks. Additionally, Mandiant collects data about hacker activity.

Over the past few months, Mandiant has observed what appears to be coordination between Russia’s GRU military intelligence agency and three hacktivist groups. The company says that the three groups are known as XakNet Team, Infoccentr and CyberArmyofRussia_Reborn.

As part of its efforts to collect data about hacker activity, Mandiant monitors cyberattack campaigns. The cyberattacks discovered by Mandiant over recent months included four breaches in which GRU placed data wiping malware on organizations’ networks. Within 24 hours of each breach, hacktivists published data stolen from the organizations targeted by the data wiping malware. 

One of the three hacktivist groups named in today’s report, Killnet, has targeted organizations in Japan, Italy, Norway, Estonia and Lithuania with DDoS attacks. A DDoS or distributed denial-of-service attack is a type of hacking campaign that attempts to overwhelm an organization’s servers with a large number of network requests. 

Government agency websites in Lithuania were targeted with at least two waves of DDoS attacks this past June, the Journal reported today. Killnet claimed responsibility for launching some of the attacks. The DDoS campaigns were reportedly unusual because they were “unfocused and never reached a crippling level,” yet persisted for a significant amount of time.

Killnet also claimed responsibility for a wave of DDoS attacks that targeted organizations in Estonia this past August. The hackers sent up to 200 gigabytes of data per second to the targeted organizations’ systems in a bid to overwhelm them, according to today’s report. Estonia successfully repelled the DDoS attacks.

The Journal reported today that there were also “a handful of incidents” targeting organizations in the U.S. Congress.gov, the official website for Congress legislative information, went offline for about two hours in June as a result of a DDoS attack. In August, Killnet said that it was launching a cyberattack against Lockheed Martin Corp. and published documents that were described as having been stolen from Gorilla Circuits, a defense industry supplier that makes circuit boards. 

“We have never previously observed such a volume of cyberattacks, variety of threat actors, and coordination of effort within the same several months,” Mandiant researchers stated.

Image: Unsplash

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU