A mysterious hacker group “hung” in the IT infrastructures of Russia's federal state bodies for three years

Representatives of the National Coordination Center for Computer Incidents (NKSKI) of the FSB of Russia told journalists at a meeting that they had identified a series of targeted attacks by professional cyber groups on Russian federal executive bodies (FOIV), TAdviser reports.

“Based on the complexity of the means and methods used by the attackers, as well as the speed of their work and the level of their training, we have reason to believe that this group has resources at the level of foreign special services,” said Nikolai Murashov, deputy director of the NKSKI of the FSB of Russia.

The attacks were identified in 2020. The story of the discovery of the group behind them began at the end of 2019, when Rostelecom-Solar was providing IT security for one of the state bodies, the company said. At that time, an attempt to touch one of the customer's protection servers was detected. Attacks of this kind are typically not detected by standard protective tools and antivirus software: these were traces that quickly disappeared but gave a clue to what was happening, where the group came from and what methods it used.

As a result of the analysis, it turned out that the same group was present in the systems of other FOIV as well. Moreover, the first signs of its presence dated back to 2017. That is, for more than 3 years the group operated and carried out its actions in the IT infrastructures of government agencies, says Igor Lyapunov, vice president for information security at Rostelecom.

The names of the attacked state bodies are not being disclosed, for security reasons. The NKSKI also chose not to specify the number of FOIV attacked.

In all identified operations, the attackers' main goals were a complete compromise of the IT infrastructure and the theft of confidential information, such as mail correspondence, general and restricted-access files, infrastructure and logic diagrams, etc., according to the analysis conducted by the NKSKI of the FSB of Russia and Rostelecom-Solar.

“ВЧК ОГПУ”