
Fancy Bear and Cozy Bear, the hackers Putin used to steal vaccines and who are now destabilizing the West


The war in Ukraine takes place on two planes. One that can be seen, with bombs falling, children fleeing and pregnant women giving birth as best they can. Collapsed buildings, advancing tanks and wailing anti-aircraft sirens have become a constant over the 17 days of war.

But there is another that cannot be seen, touched or heard, yet is essential for innocents to die and for the foundations of the West to falter. It is the war fought in cyberspace.

A few days ago, EL ESPAÑOL reported that the National Intelligence Center (CNI) warns that Spain has been suffering cyberattacks aimed at “influencing or altering opinions by making intentional, and generally planned and organized, use of information aimed at undermining the security and stability of the ecosystems that make up society.”

The Spanish intelligence services have no doubt that this interference comes from Russia, from within the Kremlin and from the spies of the country led by Vladimir Putin. And they point directly at two groups of hackers: Fancy Bear and Cozy Bear.

Two ways of operating

“They are organizations backed by the Russian government, there is no doubt about that,” explains José Lancharro, director of BlackArrow, the offensive and defensive services division of Tarlogic Security.

Photo: Vladimir Putin attends a video conference in the Kremlin. (EFE)

The two groups ‘work’ in different ways. Their names also vary, but the best known are APT28 for Fancy and APT29 for Cozy. “The former depend on the FSB, which are the Russian foreign intelligence services. Their objectives are tangible and measurable: for example, interfering in foreign electoral campaigns or discrediting institutions,” explains Lancharro, who cites as examples the attacks on Hillary Clinton when she ran in the 2016 US elections and the theft of athletes’ data from the American anti-doping agencies. Overall, their goal is to destabilize the West.

Cozy is something else. “They are military in nature,” sum up Lancharro and José Miguel Gómez-Casero, BlackArrow’s manager. Silent, without attracting attention, “they are like a bad cancer that spreads to get all the intelligence possible for as long as possible without pursuing a specific goal; the goal is the path.”

Cozy Bear is a long-distance runner. Its ideal is to spend years inside one of its ‘victims’ until it can squeeze all the relevant information out of them. In recent years they have improved their technique for “persistence,” as it is known in the cybersecurity world: the ability to re-enter their targets tomorrow and keep extracting information.

The attack on SolarWinds

The goal of APT29 is to go unnoticed: that no one finds out they are there, so they can do their job. They don’t like the press, so their operations, and they themselves, are less well known. One very notorious operation was SolarWinds.

It was late 2020 when Cozy managed to slip a virus into one of the updates of Orion, a network monitoring and management application. This program, created by SolarWinds, is one of the most widely used, and its worldwide distribution was another of its main headaches.

According to a statement published by the company itself, around 18,000 organizations around the world would have downloaded the update infected with the virus. Among them were institutions as sensitive as the United States Departments of the Treasury, Commerce and Homeland Security.

Photo: Sergio Flores / Thomson Reuters

“But then it was discovered that they had been carrying out this operation since the summer of 2019. Imagine, a year and a half in there without being detected. Some of our specialists have taken a look at that and it has a sickening level of sophistication,” explains Lancharro.

The technique used against SolarWinds is known as post-exploitation, which is nothing more than knowing how to move around the network to find your enemies’ secret information, or being able to reach the cloud where that data is stored and extract it. That is where Cozy is good.

Fancy, for its part, relies more on phishing, a method of tricking you into sharing passwords, credit card numbers and other sensitive information by posing as a trusted institution in an email or phone call. It is not a technique that is “very intellectually advanced, but it works for them.”

Among its latest milestones is one related to the coronavirus. In July 2020, in the midst of the pandemic and with countries desperately searching for a solution, the Cozy Bears tried to steal the vaccine by attacking the academic and pharmaceutical research centers trying to develop it.

Their own malware

It is not known exactly how many people are behind these teams, but “no fewer than 15,” BlackArrow’s experts explain, “plus all those who support and maintain them.” Both Cozy and Fancy use their own malware, “designed by or for them,” since it is not entirely clear whether they develop it themselves or within the Kremlin, “so that it is harder to detect and stop them,” explains Lancharro, who adds: “From a technical point of view, both are very sophisticated.”

“They run parallel campaigns, that is, they can carry out several operations at the same time. For that they need at least three people. So our own calculation is that it cannot be fewer than 15,” says Gómez-Casero.

“In the case of Spain, it is logical that we are on the list of targets, as the CNI has warned,” says BlackArrow’s manager. In his view, the two organizations have European institutions and NATO as their targets. The shipment of weapons and Spain’s stance against the invasion of Ukraine put us in the spotlight.

Photo: The minister, in her appearance before the Congressional Defense Commission. (Congress of Deputies)

“As specialists, our recommendation is that we have to work as if our access to information had already been compromised; we have to be on guard every day of the year,” explains Lancharro.

Regarding the war in Ukraine, analysts are somewhat wary. “These two groups are very quiet, very silent. No movement has yet been detected from them, unless it has not been made public. We have no doubt that they have Ukrainian targets, but the fact that they are not being detected is a bad sign.”
