All the Code Connections Between Russia’s Hackers, Visualized

Over the last half decade or so, Russia's state-sponsored hackers have distinguished themselves as the most active, aggressive, and disruptive teams of online aggressors in the world. They've meddled in elections, blacked out power grids, innovated devious new forms of espionage, hacked the Olympics, and unleashed the most destructive worm in history—a list that makes even China's cyberspies look like tame clerical workers by comparison. Now two cybersecurity firms have created a new visual taxonomy to organize all that digital chaos—and in doing so, perhaps helped crystallize who the distinct players are within the Kremlin's hacking forces.

Two Israeli companies, Check Point and Intezer, today released the results of a broad analysis of code that's been previously attributed to Russian state-sponsored hacking operations. The two firms pulled 2,500 samples from the malware database VirusTotal and used Intezer's automated tools to comb those specimens for code matches or similarities, filtering out false positives like reuse of open source components. The result is a kind of constellation chart for every known Russia state hacking group's tool kit, showing clusters that likely represent independent groups. "The information has previously been really scattered. Now for the first time we have a one-stop shop for Russian APTs," says Yaniv Balmas, Check Point's head of cyber research, using the acronym for "advanced persistent threat," an industry term for sophisticated state hackers. "You can look at this, and it’s all there."
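The pipeline that paragraph sketches, as an added example that is not Check Point's or Intezer's code: each sample is reduced to a set of "genes" (k-byte shingles of its code), genes that also occur in a whitelist of open-source or library code are dropped so a shared third-party component cannot link two unrelated families, the remaining gene sets are compared with Jaccard similarity, and samples above a threshold are joined into connected components. The sample bytes, the shingle length `K` and the threshold are constructed assumptions for the demonstration; a real system would extract genes from disassembled functions rather than raw byte windows.

```python
"""Added example, not Check Point/Intezer code: toy code-reuse clustering.

A sample becomes a set of "genes" (K-byte windows of its code). Genes that
also occur in whitelisted open-source/library code are removed, remaining
gene sets are compared with Jaccard similarity, and samples whose similarity
reaches THRESHOLD are merged into the same cluster (connected components).
"""
from itertools import combinations
from typing import Dict, Iterable, List, Set, Tuple

K = 8  # shingle length in bytes; an assumption chosen for this toy


def genes(code: bytes, k: int = K) -> Set[bytes]:
    """All k-byte windows of the code, as a set."""
    return {code[i:i + k] for i in range(len(code) - k + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """|a & b| / |a | b|; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def extract(samples: Dict[str, bytes],
            whitelist: Iterable[bytes] = ()) -> Dict[str, Set[bytes]]:
    """Gene set per sample, with genes from whitelisted library code removed."""
    known: Set[bytes] = set()
    for lib in whitelist:
        known |= genes(lib)
    return {name: genes(code) - known for name, code in samples.items()}


def pairwise(gene_sets: Dict[str, Set[bytes]]) -> Dict[Tuple[str, str], float]:
    """Jaccard similarity for every unordered pair of samples."""
    return {(x, y): jaccard(gene_sets[x], gene_sets[y])
            for x, y in combinations(sorted(gene_sets), 2)}


def cluster(gene_sets: Dict[str, Set[bytes]], threshold: float) -> List[List[str]]:
    """Connected components of the graph that links pairs with similarity >= threshold."""
    parent = {s: s for s in gene_sets}  # union-find forest

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (x, y), sim in pairwise(gene_sets).items():
        if sim >= threshold:
            parent[find(x)] = find(y)
    groups: Dict[str, List[str]] = {}
    for s in gene_sets:
        groups.setdefault(find(s), []).append(s)
    return sorted(sorted(g) for g in groups.values())


# Constructed stand-ins for code: disjoint byte ranges, so genes never collide
# by accident and the effect of the whitelist is easy to see.
OPEN_SOURCE = bytes(range(0x00, 0x40))   # a third-party component both families link
FAMILY_A = bytes(range(0x40, 0x80))      # core code shared by family A samples
FAMILY_B = bytes(range(0x80, 0xC0))      # core code shared by family B samples
PAD_A = bytes(range(0xC0, 0xD0))         # variant-specific additions
PAD_B = bytes(range(0xD0, 0xE0))

SAMPLES = {
    "a1": FAMILY_A + OPEN_SOURCE,
    "a2": FAMILY_A + PAD_A + OPEN_SOURCE,
    "b1": FAMILY_B + OPEN_SOURCE,
    "b2": FAMILY_B + PAD_B + OPEN_SOURCE,
}
THRESHOLD = 0.25  # assumed linking threshold for the toy data


def naive_clusters() -> List[List[str]]:
    """Clustering without the whitelist: the shared library links everything."""
    return cluster(extract(SAMPLES), THRESHOLD)


def filtered_clusters() -> List[List[str]]:
    """Clustering with library genes removed: the two families separate."""
    return cluster(extract(SAMPLES, whitelist=[OPEN_SOURCE]), THRESHOLD)


if __name__ == "__main__":
    print("without whitelist:", naive_clusters())
    print("with whitelist:   ", filtered_clusters())
```

Without the whitelist the shared component alone pushes every cross-family pair over the threshold and all four samples collapse into one cluster; with it, only the family core links samples, and the two families fall into separate components. The same false-positive mechanism is why open-source reuse has to be subtracted before a code match is read as a shared author.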

(Map of code connections between Russian state hacking groups; an interactive version accompanies the original article.)