Accessibility links

Breaking News

Russian Hacking Network Found Spying On U.S., Europe For Years

Russia has been cyberspying extensively on the United States and countries throughout Europe and Asia for seven years, Finnish data security firm F-Secure said in a report published September 17.

The report warns that a large and "well resourced" hacking group known as "the Dukes" is spying for the Russian government and outlines the wide-ranging attacks the group has made in the last seven years.

The hackers use a family of unique malware tools which steal information by infiltrating computer networks and sending the data back to the attackers, it said.

Some of the target organizations listed in the report include the former Georgian Information Center on NATO, Georgia's Defense Ministry, the foreign ministries of Turkey, Ukraine, and Poland, and other government institutions and political think tanks in the United States, Europe, and Central Asia.

"All the signs point back to Russian state sponsorship," said Artturi Lehtio, F-Secure's researcher heading the investigation.

Other reports have also found the Kremlin behind cyberespionage attacks in recent years.

A report by the U.S. security firm FireEye last year said a long-running effort to hack into U.S. defense contractors, Eastern European governments, and European security organizations was "likely sponsored by the Russian government."

U.S. security firm Symantec reported in 2014 the discovery of a highly sophisticated cyberspying tool called the Regin, which had been used since 2008 to steal information from governments and businesses.

The largest number of Regin infections -- 28 percent -- were discovered in Russia, with Saudi Arabia the next highest with 24 percent.

The Dukes hacking group is likely run by professional software developers, is based in Moscow, and works on behalf of the Russian Federation, F-Secure said.

Patrik Maldre, a junior research fellow with the International Center for Defense and Security in Estonia, said the report showed that Russia has invested "heavily" in cyber-capabilities and views those capabilities as "an important component in advancing its strategic interests."

"The connections identified in the report have significant international security implications, particularly for states in Eastern Europe and the Caucasus," he said.

“Smaller countries, such as Sweden and Finland, are particularly vulnerable to this kind of espionage," said Mika Aaltola, a program director at the Finnish Institute of International Affairs.

"Nordic and Baltic countries are always trying to balance Russian and western interests, and Russia uses its cyberattack capabilities to find ways to tip the balance in its favor.”

With reporting by AFP, Computing, and
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia and hold a Russian passport or are a stateless person residing permanently in Russia, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.