Against the backdrop of the pandemic, foreign hackers have stepped up their activity against Russian research institutes that specialize in developing vaccines against the coronavirus, as well as in military and aviation projects. Experts believe the stolen information could be used for political purposes. Lately, however, the focus of such attacks has shifted from espionage to the destruction of critical infrastructure.
Cybersecurity experts have described an increase in targeted attacks on research institutes. Group-IB reported that Russian research institutes specializing in military and aviation development, as well as those responsible for developing coronavirus vaccines, have recently attracted considerable interest from foreign state-sponsored hackers.
Doctor Web confirms that targeted attacks on research institutes have been on the rise recently. In September 2020, for example, a Russian research institute contacted its virus laboratory, and Doctor Web found that the institute's network had been compromised by two hacker groups. One of them had infiltrated the institute's network back in 2017 and remained undetected until 2020. During the investigation, it emerged that similar malware had been installed on the local network of another Russian research institute in May 2019.
Sometimes a group can go undetected for even longer and plant several programs at once: Group-IB, for example, found six types of malware on one client's network.
"Among the malware was a banking Trojan in accounting, spyware on employees' mobile devices that connected to work Wi-Fi, malware and Trojans on work machines", said Anastasia Tikhonova, head of APT research at Group-IB.
Targeted attacks are difficult to detect because each one affects only a single organization, said Igor Zdobnov, head of Doctor Web's virus laboratory. In his view, state-sponsored hackers are behind the attacks on research institutes, and their purpose is espionage.
Group-IB adds that such operations have recently become more overt, with their focus shifting from espionage to the destruction of critical infrastructure.
For example, on July 3, 2020, it was reported that Israeli authorities were suspected of carrying out a cyber attack on one of Iran's nuclear facilities. The incident occurred on July 2 and involved a fire and explosion at an underground uranium enrichment facility in Natanz.