Russian Intelligence Services are Working with Ransomware Gangs, Report Says

CBS News reports:
Russian intelligence services worked with prominent ransomware gangs to compromise U.S. government and government-affiliated organizations, according to new research from cybersecurity firm Analyst1.

Two Russian intelligence bureaus — the Federal Security Service, or FSB, and Foreign Intelligence Service, or SVR — collaborated with individuals in “multiple cybercriminal organizations,” security analysts with the firm say in the report. The research indicates these cybercriminals helped Russian intelligence develop and deploy custom malware targeting American companies that serve U.S. military clients… The code was launched sometime between June 2019 and January 2020 and hid in the background of Windows machines, silently harvesting keystrokes and sensitive documents…

Analyst1 does not attribute the rise in organized criminal ransomware directly to Russian President Vladimir Putin or the Kremlin. But DiMaggio does “strongly believe” the Russian government colluded with cybercriminal gangs to spy on American defense targets.

The report described said two different Russian cybercriminal groups attacked the same target, infiltrated their targeted systems, “then distributed malware using a PowerShell Windows application…”

The report’s author, a lead researcher at Analyst1, tells CBS that the ransomware variation “crawls documents for specific keywords, like ‘weapon’ and ‘top secret,’ then quietly sends the info back to the attacker.”