Kremlin hackers' offensive reaches Spain's military networks

The constellation of hacker groups linked to Russia has now focused its efforts on attacking and stealing data from military computer networks around the world. NATO is its main target, and Spain has therefore also become a priority target of these groups.

This is how the situation is summarized for ECD by a State security source who works professionally on tracing the origin of the cyber attacks that take place against the computer infrastructure of the public administration.

What they have detected in 2018 is that the attackers now focus on obtaining information of a military nature, ahead of other targets considered more 'political', such as diplomacy and economics.

Defense and Foreign Affairs

In November 2017, ECD reported, based on information provided by a senior Spanish official, that the networks of the defense and foreign ministries were at that time the "preferred" targets of the hackers linked to Russia.

These networks were under continuous attack, and it was assumed that on more than one occasion they had been successfully breached. It was accepted matter-of-factly, and with concern, that sensitive State data had fallen into the hands of others.

The signature of Russian military intelligence

Spanish intelligence assumes that behind those hacker groups, which go by many names such as Fancy Bear, Swallowtail, Cozy Bear, Snake ..., are undoubtedly the Russian secret services.

They speak, in particular, of the GRU (the military intelligence service), the SVR (dedicated to foreign intelligence) and the FSB (the most powerful, which emerged from the former KGB). The Russian intelligence community is suspected of being behind these groups' attacks and of sponsoring them.

A 'worm in the ear' for NATO

As ECD has learned from reliable and well-placed sources, in 2018 unusual activity by these groups has been detected against the military networks and infrastructure of NATO. And also against those of Spain, where military networks are said to have already become the number one target.

According to some computer security consultancies, such as Symantec, behind some of these operations - "some detected and others not" - is a faction called 'Earworm', which means 'worm in the ear' and is what a 'catchy' song is called in Anglo-Saxon countries.

Since its inception, Earworm has focused on military intelligence collection operations. Every country in the world is a target of its attacks but, according to the sources consulted, it "shows a predilection for what has to do with NATO".

For that reason, the Spanish military networks have also been visited by Trojans bearing Earworm's signature.

Infection through emails

Several reports from computer security analysts suggest that this group infects the networks from which it wants to steal sensitive information through waves of "phishing" emails, a technique that consists of impersonating a credible source so that the recipient believes the file he has received comes from it.

When the recipient opens that file or address, the computer is infected with a Trojan, a 'worm' capable of automatically searching the information held on a network to locate the data of interest and send it to the attacker.

Screenshots, passwords

The capabilities of these Trojans include taking screenshots at any time and recording the keys the user presses in order to obtain passwords.

According to the sources consulted, the techniques and tools used by these groups have become more complex, so they are increasingly difficult to track when they infect a computer network.

"They attack quickly, steal information, and then disconnect from the system or remain 'sleepers', so it is often practically impossible to detect them," these voices admit.


Date updated: 2018-12-12. Date published: 2018-12-12. Category: hackers. Author: Oscar olg. Source: elconfidencialdigital