The little-noticed report published this month by Russia’s FSB security service and Rostelecom-Solar, the cybersecurity arm of telecoms company Rostelecom, provides an unusually detailed look at a purportedly state-backed cyber spying operation aimed at the Russian state.
But while the investigation describes the 2020 hacking campaign as “unprecedented”, it provides no indication of who might be behind it.
“Assessing the attackers’ level of preparedness and qualification … we are inclined to refer to this group as cyber mercenaries, pursuing the interests of a foreign state,” the report said, citing the hackers’ “thorough preparation” and their intimate knowledge of Russian antivirus firm Kaspersky Lab’s software.
Kaspersky told Reuters it was aware of the report, but had no information to suggest that the hackers had exploited any vulnerabilities in its products.
Government-backed reports about foreign hackers often serve as we-see-you messages to foreign intelligence services, but Stefan Soesanto, a researcher at the Center for Security Studies at the Swiss Federal Institute of Technology in Zurich, said he was struck by how little attention the report seems to have garnered in the Russian press.
The Solar-FSB report was published on May 13 with little fanfare and only began attracting notice in information security circles after it was picked up by cybersecurity company Recorded Future’s publication, The Record, more than a week later.
“If this report was a signalling effort by the Russian government to a Western intelligence service as many have claimed – then it was a very subtle signal,” Soesanto told Reuters on Wednesday.
He said the report appeared to be aimed at a Russian audience, perhaps with the aim of burnishing Solar’s business credentials.
The announcement came as the Kremlin is increasingly coming under scrutiny in the United States and elsewhere, not just over the SolarWinds hack, which Moscow denies carrying out, but also over allegations that Russia knowingly harbours ransom-seeking cybercriminals.
The report also mentioned that hackers had used the cloud storage facilities of Russia’s leading technology firms, Yandex and Mail.ru, to help exfiltrate data. Mail.ru said its cloud service was neither compromised nor used to distribute malware during the hacks. Yandex declined to comment.
(Reporting by Alexander Marrow in Moscow and Raphael Satter in Washington; Editing by Nick Macfie)