Further Anomalies in Russian Cybersecurity

The original allegations that Russia had hacked Ukraine and its electrical grid haven't been borne out, but they did spur more instances of alleged Russian cyber attacks. The most recent cases involve the Czech government and experts in the cyber security field.

First Published 2nd February 2017

The list of countries accusing Russia of attacks is growing.

Reflare Research Team

While the debate over whether and how Russia may have used hacking to influence the 2016 U.S. election has somewhat quieted down, other cyber security events seemingly related to Russia have continued.

In this briefing, we will take a look at two of them: Cyber attacks against Czech government officials and the arrest of Russian cyber security experts.

Czech Republic Attacks

The Czech government has released a statement outlining a cyber attack against it which was uncovered in January. No details regarding the exact timing or methods used in the attacks have so far been made available.

The attack allegedly targeted the email accounts of government officials and diplomats - some of which contained communications with NATO officials. The highest ranking official hit by the attack is Lubomír Zaorálek, the Czech Republic's foreign minister.

The Czech government states that it believes these attacks were carried out by a state actor, and informal sources claim that Russian involvement is suspected.

Since no information on the attacks is publicly available, and to our current knowledge all government officials implicating Russia did so anonymously, we have no data on which to evaluate the likelihood of Russian involvement. For now, we will therefore treat it as merely a claim.

That said, using cyber attacks against geopolitically weaker countries in the European Eastern Bloc would make sense from a Russian perspective, as it would allow access to EU and NATO information at a fraction of the risk and cost of attacking a western EU nation.

We will continue monitoring this situation and share information with you as it becomes available.

Arrests of Russian Experts

Last week saw the arrests of three leading Russian cyber security experts:

  - Sergei Mikhailov, deputy head of the FSB’s Centre for Information Security,

  - Dmitry Dokuchayev, the deputy of Sergei Mikhailov, and

  - Ruslan Stoyanov, a cyber security researcher at Kaspersky Lab.

All three were charged with treason and the arrests were widely publicized in Russian media.

So far, no details on the treason charges have been made public.

While each of these three may or may not have committed acts of treason, Russia has historically used treason charges to both silence dissidents and cull people from positions of power.

At the time of writing, whether this is the case for these information security professionals remains unclear.

While we currently cannot determine what is happening within Russian cyber security circles, the fact that something is happening is definite. The most probable scenarios are that either a culling is taking place or an act of treason has happened. Both scenarios are likely to have geopolitical implications as the Russian authorities continue their investigations.

We expect this story to keep resurfacing over the coming weeks as information is released by Russian officials. Whether and how the international media choose to report this story will be of interest to the information security community globally, particularly given the heightened (and at times misinformed) assertions surrounding Russian cyber activities allegedly influencing the recent U.S. election.

We suspect that with the media shifting from the past news of the election to the current events of the administration, there will be less reporting of "Russian Hackers" in the public domain, but this remains to be seen. We shall continue to monitor the situation and comment as justified.
