Tag Archives: hacking by Russia Foreign Intelligence Service

Inflicting Pain. The Cyber Way

Hackers backed by the Russian government have changed tactics in a yearslong campaign against energy companies in North America, Europe and the Middle East, according to Amazon.com cybersecurity researchers. The attackers are targeting internet routers and other widely used devices that have been set up incorrectly or sport known security holes….

In the latest attacks, which Amazon links to Russia’s military intelligence operation known as the GRU, hackers are breaking into electricity and other energy providers and third parties that sell security services to the sector, to steal the legitimate credentials of employees. The hackers try to establish long-term access, likely for espionage purposes, to harvest login information and other data, and move around corporate networks over time…Tools used by Amazon to monitor activity on its cloud infrastructure picked out “coordinated operations” against customer devices hosted on Amazon Web Services… That includes persistent connections to vulnerable routers, network management tools and other devices, and signs that data was being collected.

France recently accused the GRU of waging cyberattacks against French ministries, defense contractors and media outlets with the aim of gathering intelligence and sowing division in the country. The European Union a year ago sanctioned a unit of the GRU’s Department of Special Tasks for orchestrating “coups, assassinations, bombings, and cyberattacks” in Europe and elsewhere. At the same time, the U.S. indicted members of the unit on similar charges.

Excerpt from Kim S. Nash, Suspected Russian Hackers Step Up Attacks on U.S. Energy Firms, Research Shows, WSJ, Dec. 15, 2025

The Role of Telegram in the Russia-Ukraine War

Russian authorities have reacted with unusual fury to the arrest of Telegram founder Pavel Durov by French authorities in August 2024. Telegram is more than a mere social-media app to Moscow. Russian soldiers and spies depend on it for battlefield communications, including the guidance of artillery, the coordination of movements and intelligence gathering. “Many are joking that the arrest of Pavel Durov is essentially the arrest of the chief signals officer of the Russian armed forces,” said Aleksey Rogozin, a Russian parliament adviser and former senior military industry executive.

“As wild as it sounds, the transmission of intelligence, the targeting of artillery, the broadcasting of drone feeds and many other things are currently very frequently done via Telegram,” Rogozin said on Telegram… 

Both the Russian and the Ukrainian militaries started relying on commercial platforms. While the Ukrainians prefer Western providers such as Signal or Discord, the Russians chose Telegram because it is based in the United Arab Emirates, which maintains good relations with Moscow. They think the app is more impervious to Western signals intelligence.

Russian volunteers who supply drones, night-vision scopes, vehicles and other aid to military units operate almost exclusively through Telegram. The service also has offered a lucrative social-media platform to Russian war propagandists, with millions of subscribers, who work in close cooperation with the Russian Ministry of Defense.

“The detention of Durov, by itself, wouldn’t have necessarily caused such a resonance in Russia, except for one circumstance. De facto, it is the main messenger of this war, an alternative to the classified military network,” Andrey Medvedev, a correspondent for Russian state TV and a deputy chair of the Moscow city council, wrote on Telegram…

The Russian government has reacted to Durov’s detention in France with far more outrage and fury than would be expected given the circumstances of the entrepreneur’s departure from Russia in 2014…The director of Russia’s SVR external intelligence service, Sergey Naryshkin, said recently that he expects Durov not to share with French and other Western governments any information that would harm the Russian state. “I very much count on him not to allow it,” the Russian spymaster said in an interview with TASS news agency.

Excerpt from Yaroslav Trofimov, Telegram Arrest Sows Russian War Worries, WSJ, Aug. 31, 2024

How Russia Invaded Microsoft

Microsoft said in March 2024 a Russian state-sponsored hacking group that stole information from its senior leadership team is still using that information to gain unauthorized access to its internal systems. The technology company disclosed in January 2024 that the group, which it has identified as Midnight Blizzard, had extracted information from a small percentage of employee email accounts, including members of its senior leadership team and employees in its cybersecurity and legal teams. Since that disclosure, the group has used that information to gain access to Microsoft’s source code repositories and internal systems. The volume of some aspects of the attack, including password sprays, jumped 10-fold in February compared with the already large volume Microsoft encountered in January, it said.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said. The company said that its investigations of Midnight Blizzard activities are continuing and that it is coordinating efforts with federal law enforcement. In a blog post in August 2023, Microsoft said it had detected Midnight Blizzard, previously known as Nobelium, launching targeted social-engineering attacks that used Microsoft Teams chats to phish for credentials. The former Nobelium group has been linked by U.S. authorities to the Foreign Intelligence Service of the Russian Federation and is known for its involvement in the massive SolarWinds hack of 2020.

Excerpts from Dean Seal, Microsoft Says Russian-Sponsored Hackers Still Using Stolen Information, WSJ, Mar. 9, 2024
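The Microsoft excerpt above mentions the password sprays Midnight Blizzard ran against the company. As an added example that is not part of the WSJ article or of Microsoft's own tooling, the following Python shows the detection logic a defender would run over authentication logs to tell a password spray (one or two passwords tried across many accounts from one source, staying under per-account lockout) apart from a brute force against a single account. The log format, the thresholds, the IP addresses and the usernames are assumptions for illustration, and the log lines are constructed, not real telemetry.

```python
"""Password-spray vs. brute-force triage over constructed auth log lines.

Added example; not from the WSJ article or from Microsoft. The log format,
thresholds, IP addresses and usernames below are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (illustrative, not real telemetry).
# Assumed format: "<ISO timestamp> <source_ip> <username> <FAIL|OK>".
SAMPLE_LOG = """\
2024-02-03T10:00:01 198.51.100.7 alice FAIL
2024-02-03T10:00:04 198.51.100.7 bob FAIL
2024-02-03T10:00:07 198.51.100.7 carol FAIL
2024-02-03T10:00:10 198.51.100.7 dave FAIL
2024-02-03T10:00:13 198.51.100.7 erin FAIL
2024-02-03T10:00:16 198.51.100.7 frank FAIL
2024-02-03T10:00:19 198.51.100.7 grace FAIL
2024-02-03T10:00:22 198.51.100.7 heidi OK
2024-02-03T10:01:00 203.0.113.5 alice FAIL
2024-02-03T10:01:02 203.0.113.5 alice FAIL
2024-02-03T10:01:04 203.0.113.5 alice FAIL
2024-02-03T10:01:06 203.0.113.5 alice FAIL
2024-02-03T10:01:08 203.0.113.5 alice FAIL
2024-02-03T10:01:10 203.0.113.5 alice FAIL
2024-02-03T09:30:00 192.0.2.10 ivan FAIL
2024-02-03T09:30:20 192.0.2.10 ivan OK
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, user, result) tuples,
    sorted chronologically so the per-source sliding window works in one pass."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    events.sort()
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=5, max_fails_per_user=2):
    """Flag sources whose failures within any `window` span at least `min_users`
    distinct accounts while no single account fails more than
    `max_fails_per_user` times: the spray signature. Any successful login from
    a flagged source is reported, since that account is the first to examine."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    findings = {}
    for ip, evs in by_ip.items():
        fails = [(ts, user) for ts, user, res in evs if res == "FAIL"]
        successes = sorted({user for _, user, res in evs if res == "OK"})
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if (len(per_user) >= min_users
                    and max(per_user.values()) <= max_fails_per_user):
                findings[ip] = {
                    "users_targeted": sorted({user for _, user in fails}),
                    "successful_logins": successes,
                }
                break
    return findings


def detect_brute_force(events, min_fails=5):
    """Contrast case: many failures against one account from one source.
    Returns {ip: {user: fail_count}} for pairs at or above `min_fails`."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, ip, user, result in events:
        if result == "FAIL":
            counts[ip][user] += 1
    return {
        ip: {u: n for u, n in users.items() if n >= min_fails}
        for ip, users in counts.items()
        if any(n >= min_fails for n in users.values())
    }


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("password spray:", detect_password_spray(evs))
    print("brute force:", detect_brute_force(evs))
```

On the constructed input, 198.51.100.7 is flagged as a spray (seven accounts, one failure each, then a successful login as heidi), 203.0.113.5 is flagged only as a brute force against alice, and 192.0.2.10 (one failure followed by a success) triggers neither rule. The per-user cap is what separates the two patterns: a spray that keeps each account under the lockout threshold never looks like a brute force in per-account counters, so it has to be detected per source.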