Kremlin-backed APT28 doesn't even bother hiding its attacks, says Finnish secret police

The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes. That news comes in the agency’s review of intelligence activity in 2016, announced here. The major trends in cyber-intelligence Supo highlights in the report are increasing …

  1. John Smith 19

    Or are they....

    Russian ISPs have a certain reputation for hosting all sorts of no-questions-asked-as-long-as-the-bills-paid software.

    So yes it could be they are just so blatant they don't give a f**k who knows where they come from.

    Or maybe they are from somewhere else?

    Attribution is tricky. Although it always seems to be more so when it comes from the people on the "official friends" list (Stuxnet anyone?)

    1. Anonymous Coward

      Re: Or are they....

      They are active and some of the captured binaries have timestamps during business hours in a TZ which is between 2 and 4 hours off GMT Eastwards.

      That is all of Eastern Europe, Russia, ex-CIS states, a chunk of the Middle East. They also target a set of targets which are of interest to the Russian state.

      That narrows them down to an operation which is in Eastern Europe and/or ex-Soviet Union and has the Russian state as one of its customers. It does not automatically equate to supported. Customer - pretty much guaranteed. Supported - we cannot prove that until we have successfully collared at least one perp and keelhauled him until he spits who is paying him.

    2. Olius

      "Attribution is tricky"

      Indeed. A few weeks ago we had news (via a well known leak site) that a certain govt agency was able to leave "signatures" of other countries' groups on the servers they target... so who can say who really did the hacking and why they left visible traces of themselves on those systems.

  2. Wolfclaw

    Why hide, Russia will just deny it anyway and it's business as usual.
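
The time-zone reasoning in the Anonymous Coward reply above, worked through as an added example that is not part of the article or the thread: it scores every UTC offset by how many build timestamps fall inside working hours there. The sample timestamps are constructed, and the 09:00-18:00 Monday-to-Friday window and the function names are assumptions.

```python
"""Which UTC offsets best explain a set of build timestamps? (added example)"""
from datetime import datetime, timedelta

# Assumption: local business hours are Mon-Fri, 09:00 up to (not including) 18:00.
WORK_START, WORK_END = 9, 18

# Constructed sample: build timestamps already extracted from samples, in UTC.
SAMPLE_UTC = [
    "2016-03-01T07:12:44", "2016-03-02T09:30:05",
    "2016-03-03T13:48:19", "2016-03-04T11:02:57",
    "2016-03-07T08:21:33", "2016-03-08T12:15:00",
    "2016-03-09T10:40:11", "2016-03-10T07:55:26",
]


def parse(stamps):
    """Turn ISO strings into naive datetimes that are understood to be UTC."""
    return [datetime.fromisoformat(s) for s in stamps]


def business_hour_fraction(stamps_utc, offset_hours):
    """Share of timestamps landing in business hours at the given UTC offset."""
    hits = 0
    for ts in stamps_utc:
        local = ts + timedelta(hours=offset_hours)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(stamps_utc)


def best_offsets(stamps_utc, offsets=range(-12, 15)):
    """Return (best score, every offset reaching it, all scores)."""
    scores = {off: business_hour_fraction(stamps_utc, off) for off in offsets}
    top = max(scores.values())
    return top, [off for off, s in scores.items() if s == top], scores


if __name__ == "__main__":
    top, winners, scores = best_offsets(parse(SAMPLE_UTC))
    # The result is a band of offsets, not a single zone, and the timestamp
    # field is written by the build toolchain and can be altered, so this
    # is a weak indicator on its own.
    print(f"best fit {top:.0%} at UTC offsets {winners}")
    for off in range(0, 7):
        print(f"UTC{off:+d}: {scores[off]:.0%}")
```

The output is a range of equally good offsets covering many countries, which is why the reply stops at a region rather than naming a sponsor.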

