Instances of government-sponsored malware are fairly rare; however, according to security firm FireEye, the Russian government may be guilty. FireEye cites a group it has dubbed APT28, which it says is behind a steady stream of common malware dating back almost 7 years. The group does not seem to be harvesting data for economic gain (such as stealing credit card numbers, bank accounts, etc.), but rather “APT28 focuses on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government.”
The group already appears to be well known in the cyber security community; however, it is only recently that FireEye has linked the group to the Russian government.
Government-sponsored malware has been in the news more and more, first with APT1, which was based in China. Even the United States is involved, with the use of Stuxnet, which targeted Iranian nuclear facilities.
Although government malware is still rather unusual, this is the second time that Russia has been accused. Some readers may remember that Russia was in the news a few months ago when German security firm GData accused the nation of being behind the Uroboros malware.
FireEye has no direct evidence that the Russian government is behind the operation; however, the circumstantial evidence appears to be strong enough. For example, the code indicates that its creators speak Russian, and the group appears to operate during “business hours” in major Russian cities such as Moscow and St. Petersburg. FireEye has laid out all of its evidence in a bulleted table.