The wave of Russian cyberattacks shows what rampant war on the Internet looks like




The Sandworm team of Russian military intelligence, alleged to have unleashed computer havoc against the Kremlin’s enemies around the world, is said to operate from a blue-tinted glass skyscraper known simply as “the tower.”

From that address, 22 Kirova Street in the Moscow suburb of Khimki, the Sandworm hackers, also known more prosaically as unit 74455 and “the main hub for special technologies”, launched attacks on the Ukrainian electrical system, the presidential candidacy of Emmanuel Macron in France in 2017, the 2018 South Korean Olympics, and the UK’s investigation into the 2018 Russian nerve agent attack in Salisbury.

According to cybersecurity experts, the same unit was involved in the hacking of the Democratic National Committee and Hillary Clinton’s election campaign in 2016, disguised as a hacktivist group dubbed Fancy Bear.

On Monday, authorities in the United States and the United Kingdom accused the unit of planning a cyberattack on the 2020 Olympic and Paralympic Games in Tokyo.

They did more than cause confusion and inconvenience. Aside from their alleged role in the rise of Donald Trump, they are accused of depriving hundreds of thousands of Ukrainians of light and heat in the dead of winter and shutting down the computer systems of a major Pennsylvania hospital. Their exploits are a preview of the unfettered cyberwarfare that might appear in the real world.

The US indictment of six Sandworm agents, all GRU military intelligence officers, gives a detailed description of how they conducted their affairs.

In preparation for the attack on the Olympics, they studied the tactics and style of their North Korean counterparts, the Lazarus group, so that they could emulate them and cast suspicion on Pyongyang.

When the UK Defense Science and Technology Laboratory and the Organization for the Prohibition of Chemical Weapons in The Hague began investigating the Novichok nerve agent attack on the KGB defector Sergei Skripal and his daughter Yulia in March 2018, Sandworm hackers sent researchers from both organizations phishing emails presented as coming from well-known German and British journalists.

To increase the chances that at least some of the recipients would click on the malware links, the “journalist” claimed to have information relevant to the investigation.

The indictment is based on lengthy investigations by FBI analysts in cooperation with Google, Cisco, Facebook, and Twitter, as well as allied intelligence agencies, notably the Five Eyes alliance of the US, UK, Canada, Australia and New Zealand.

According to the indictment, investigators were able to monitor the hackers so closely that they caught one of them, named Anatoliy Kovalev, doing a bit of moonlighting, targeting Russian real estate companies and car dealerships, as well as cryptocurrency exchanges abroad, apparently for private profit.

Thomas Rid, professor of strategic studies at Johns Hopkins University and author of Active Measures, a book published this year on disinformation operations, said the level of detail in the indictment reflects the degree to which the GRU teams’ own networks were infiltrated.

“Today’s GRU indictment is an incredible document,” Rid wrote on Twitter. “The Five Eyes intelligence communities, I suspect, must have astonishing visibility into Russian military intelligence operations if today’s revelations are deemed expendable.”

Despite all the efforts that the 74455 unit made to cover its tracks, it appears that they have been notably careless in other respects.

According to Aric Toler of the Bellingcat investigative journalism team, three of the six defendants registered their cars at the same address, which is also linked to the Sandworm unit.

“If you look for all the people who register their cars at this address, you get 47 hits, all probably GRU hackers,” Toler said.


