Saturday, December 9

The CNI fears attacks from the two most dangerous hacker groups in the Kremlin

A computer screen displays a message after suffering a cyber attack. / EFE

The secret services warn that Russian intelligence is going to focus on the most recent security breaches and the weaknesses of IT providers

Melchor Saiz-Pardo

Spanish intelligence services expect the cyber war launched by the Kremlin against Western countries to coincide with the invasion of Ukraine to intensify in the coming weeks. The National Cryptologic Center (CCN-CERT), the technological heart of the National Intelligence Center (CNI), issued an alert last Friday through a so-called ‘vulnerability bulletin’ in which it warns that Spain (its interests, its companies or its institutions) could imminently be the target of cyberattacks by hackers “associated” with the Russian secret services.

In its alert, the CNI shares an article by one of the most prestigious groups in the study of network warfare, the VMware Threat Analysis Unit (TAU), which is made up of some of the leading cybersecurity specialists on the planet. This group and the Spanish specialists of the CCN agree that the “next cyber attacks” against the West will be launched through some of the ‘Advanced Persistent Threat actors (APT)’ (expert hackers) who are “backed” by the GRU (Glávnoye Razvédyvatelnoye Upravlenie), the Main Intelligence Directorate of the Russian General Staff.

The CNI and VMware share the diagnosis: the greatest current threat, in the midst of a war crisis with Russia, both for Spain and for the rest of the NATO countries comes from two groups of hackers paid by Kremlin espionage services and who are at the vanguard of Putin’s hybrid warfare. The first is the so-called APT 28 or Fancy Bear. This group, according to those responsible for Spanish national security, has been acting against the West since the 2014 invasion of Crimea unleashed hostilities with NATO. This group is directly related to military unit 26165 of the Main Center for Special Services (GTsSS), an elite group of codebreakers born in the Cold War and now dedicated to coordinating hackers.


The second group is called the Sandworm Team and is, according to the documents released by the CNI, “a group of destructive threats”, linked to another GRU unit, 74455.

‘Zero day’

The Spanish and VMware experts are convinced that the attacks Russia is preparing will be of two types. The first will be so-called ‘zero-day’ attacks, that is, they will sneak into systems by taking advantage of recently discovered software security flaws for which there are still no patches, because the developers of the program itself were unaware of the existence of these ‘holes’. The second type of sabotage will be ‘supply chain’ attacks. In other words: entering systems by taking advantage of weaknesses of internet providers or of software or hardware providers.

The document distributed by the National Intelligence Center does not mince words about the damage that this type of attack can cause and how complicated it can be to anticipate an offensive of this magnitude: “With the rapid increase in intelligent and innovative attacks by agile adversaries, even the strongest perimeter defenses can be breached, allowing attackers to gain access to the data center and broader multi-cloud environment. Once inside, they can perform reconnaissance, elevate privileges, move laterally, and potentially access, ransom, or exfiltrate highly sensitive data,” the report concludes.
