

Russian Hackers Are Fighting Western Sanctions with a Blizzard of Spam

Battles in cyberspace are intimately linked with the situation on the ground.
Image: Taema/Flickr

As Western sanctions cripple Russia's economy, the country's hackers are responding in their own way.

The sanctions are thought to have motivated a cyberattack earlier this month against Western financial institutions: Bloomberg reports that the FBI is investigating an attack on JP Morgan and at least one other bank "as a possible retaliation for government-sponsored sanctions."

Gigabytes of sensitive data were stolen from the banks at some point in August. Owing to the sophistication of the attack, which allegedly used a zero-day vulnerability in one case, there is some speculation that state hackers may have been involved.


"Russia has a policy of reactionary attacks in relation to political contexts," John Hultquist, from cyber intelligence company iSight, told Bloomberg's Michael Riley and Jordan Robertson.

Meanwhile, other hackers are capitalising on the political situation to bait individuals into downloading malicious files.

Researchers at Bitdefender Labs say that a flurry of spam messages has been launched from Russia, focusing on the recent moves made against the country.


"We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country," the email reads, according to a blog post by the researchers.

The email promises to deliver software that will attack western states. "We have coded our answer and bellow [sic] you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions," it says.

If a recipient does this, however, their computer is quickly infected and becomes part of the hackers' botnet—a network of infected systems called Kelihos. Nodes of this network can in turn be used to send more spam emails, in the hope of expanding its size even further.

The malware, according to Bitdefender Labs, is capable of stealing a target's bitcoin wallets or login credentials saved in the browser, monitoring internet traffic, and downloading even more malicious files.


Interestingly, just over 40 percent of the infected systems are actually in Ukraine, not Russia. "This either means that computers in the country were also infected, or that Ukraine itself is home to the main distribution servers," Bitdefender virus analyst Doina Cosovan said in the post.

After Ukraine, the second largest group of anti-sanction clickers comes from Russia, making up around 16 percent of the network. Other infected machines were in countries as far afield as Taiwan, India, Poland, the US and Iran, although all of these were present in much smaller numbers.

Luring victims in with difficult-to-resist clickbait is a common practice among hackers, and tapping into people's concerns over current affairs is an effective method. In March, malware was distributed by a link claiming to show breaking news footage of the missing MH370 flight, and a few months later hackers preyed on the MH17 crash in Ukraine in a similar way.

In the case of the Russian sanctions story, however, the bait is particularly political in nature. Rather than feeding off simple curiosity, potential clickers are expected to share a strong view on Russia's current situation.

Whether it's criminal spammers looking for a payday, or organised hackers with political ambitions, it's clear that battles in cyberspace are intimately linked with the situation on the ground.