The Czech Republic accuses Russia of invading their government networks, reports ZDNet. The country’s intelligence service, BIS, states in an annual report that two espionage groups linked to Russia entered the networks.
These are the groups Turla and APT28, also known as Fancy Bear. The groups are said to have hacked the Ministry of Foreign Affairs, the Ministry of Defence and the army of the Czech Republic. The hacks took place in 2016 and 2017, at different campaigns.
BIS states that the Ministry of Foreign Affairs’ electronic communication system had in any case penetrated the country since the beginning of 2016. Then the attackers were given access to over 150 employee mailboxes and copied emails including attachments. The hacks remained under radar for almost a year, until the beginning of 2017 when BIS researchers discovered the hack.
The attackers focused in particular on mailboxes of senior representatives of the Ministry, according to BIS. In doing so, they gained “regular and long-term” access. Other inboxes were also hacked and BIS states that the hackers were given a “list of potential targets in almost all major government agencies”, as well as information that “may be used in future attacks”.
According to BIS, there was also a second attack that took place in December 2016, which was different from the first one. For example, attackers would have tried to guess the login details of mailboxes with brute force, and tried to get into hundreds of mailboxes.
Ministry of Defence
The attacks were assigned by BIS to two Russian groups. Moreover, according to BIS, APT28 was also behind other attacks on the Czech Republic. “The BIS has detected several attacks against Czech military targets. The wave of spearphishing emails focused mainly on people with military diplomacy in Europe. A similar attack targeted European arms companies and a border guard of a European state.”
“The most serious attack included compromising various private email accounts of people linked to the Ministry of Defence and the Czech army, and compromising IP addresses belonging to the Ministry of Defence and the army by a malware called X-Agent.
According to the BIS, the hackers were not able to steal secret information, but they were given access to personal and sensitive data that might be used in future attacks.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.