The Federal Security Service of the Russian Federation (FSB) has accused the United States and other NATO countries of launching over 5,000 cyberattacks against critical infrastructure in the country since the beginning of 2022.
The agency says it has taken timely measures to prevent these attacks from causing any negative consequences to Russia.
Furthermore, the FSB claims that these attacks originate from Ukrainian territories, which are used for masking the true origin and identity of the perpetrators. At the same time, the attacks also involve the deployment of “new types of cyber-weapons.”
“In the analysis of identified computer threats, data were obtained indicating the use of Ukrainian territory by the United States and NATO countries for conducting massive computer attacks on civilian objects in Russia,” reads the machine-translated FSB statement.
“Currently, the network infrastructure of Ukraine is used by units of offensive cyber operations of Western countries, allowing them to secretly use new types of cyber weapons.”
The FSB claims that despite many of the attacks being presented as activities by the “IT Army of Ukraine,” it was able to discern the involvement of pro-west hacker groups such as “Anonymous,” “Sailens,” “Goast clan,” “Ji-En-Ji,” “SquadZOZ,” and others.
The timing of this statement from FSB is suspicious, as Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked APT29 state-backed Russian hackers to widespread attacks against several EU and NATO countries just yesterday.
Detections point to Chinese APTs
Meanwhile, Rostelecom’s CERT team has also published a report about cyberattacks targeting Russian infrastructure between March 2022 and March 2023.
In that report, Rostelecom claims that 20% of all detected attacks can be attributed to sophisticated APT groups, 38% are cases of hacktivism, and another 38% are ransomware attacks.
In 72% of the detected cases, the network intruders leveraged known vulnerabilities for initial access, while the time for reaching their ultimate goal has now been reduced to an average of seven days.
“The activity of state-owned APT groups has grown, which since the beginning of the special military operation have become more active in infrastructure, expanding the range of goals,” reads machine-translated Rostelecom’s report.
Interestingly, the four hacking groups reported by Rostelecom’s analysts as having the most significant activity against Russian entities during the mentioned period are APT27, APT41, APT10, all three believed to be of Chinese origin, and the Lazarus Group, who are North Koreans.
This directly contradicts FSB’s statement about a massive wave of thousands of attacks launched by NATO-backed hacking collectives.
Rather, the country’s largest telecommunications provider reports that the most significant volume of cyberespionage attacks comes from Russia’s own alleged allies.
