Russian hackers are increasing their operations in cyberspace. Cybersecurity researchers from Unit 42 of Palo Alto Networks, a company specializing in the production of telecommunications equipment, have listed the attacks and intrusion attempts of the hacker group Trident Ursa. According to their latest reportthe attackers attempted to infiltrate the computer system of an oil refinery in a member country of the North Atlantic Treaty Organization last August.
A country that “continues to import oil from Russia“
Since the beginning of the war in Ukraine, the group, also known as Gamaredon, UAC-0010, Primitive Bear or Shuckworm, has distinguished itself by the growing increase in its cyberattacks against Ukrainian interests or partner countries of kyiv. The group is in direct contact with the Federal Security Service (FSB) of Russia, according to the Ukrainian authorities.
The attempted intrusion into the refinery in this NATO country took place on August 30, according to researchers. The hackers resorted to spear phishingtargeted phishing, by sending emails containing the terms “military assistance to Ukraine” in the name of the files addressed to the victims. The hackers ultimately failed to penetrate the plant’s system. The refinery is based in a country that “continues to import oil from Russia“, says Unit 42 to CNN without mentioning his name.
Targeting of “allies of Ukraine and NATO“
By managing to break into the refinery’s internal system, the hackers would have been able to gather strategic information. Data that could have been analyzed directly from Russia.
“Traditionally, Trident Ursa has primarily targeted Ukrainian entities with decoys in Ukrainian. While this remains the most common scenario for this group, we have seen a few instances where they have used English decoys. We believe these samples indicate that Trident Ursa is attempting to bolster its intelligence gathering and network access against Ukraine and NATO allies.“, say experts from Palo Alto Networks.
The group of Russian hackers would not use very complex techniques, but would redouble their efforts to deeply obfuscate (make unreadable) the various digital signatures of their malware, without much success. Indeed, the pirates’ operations would be “regularly spotted by researchers and government organizations. But they don’t seem to care“, according to the findings of Unit 42.
A report that comes a few days after Rob Joyce, director of the National Security Agency (NSA), alerted to the growing risk of cyber threats in the field of energy. “I would not encourage anyone to be complacent or unconcerned about threats to the energy sector globally“, he launched, quoted by CyberScoop.
According to the latest report from the US agency, cyberattacks from Moscow are beginning to spread outside Ukraine. NATO member countries could be targeted in the coming months, said Rob Joyce. An organization that is not free from criticism. As a reminder, the NSA practiced for several years a massive espionage at the World level.
Hackers affiliated with Russia targeted a refinery in a NATO member country