(Translated from Swedish by my Chrome browser)
Russian and Chinese state-sponsored cyber attacks are now being directed at Swedish authorities and businesses for geopolitical reasons, according to a new report. During Vladimir Putin’s 10-day absence in March this year, Nordic authorities specifically were attacked through an email about the Russian president.
– It is a typical way of spreading malware. An enticing subject is used to get people to open a document that allows a system to be attacked. In the case of Putin specifically, the news was used to send e-mail to the Scandinavian authorities, says Jen Weedon, threat and intelligence chief at IT security company FireEye.
Was Sweden attacked?
– The entire region was, says Weedon.
According to Weedon, the attack originated in China. An email with a Word document consisting of a news article with information about Putin’s “disappearance” was sent to selected recipients in the Nordic Foreign Service. The email also contained malicious software designed to give cyber-attackers access to government information.
The method is common; for example, FireEye has seen that malicious software is often sent by e-mail containing information about major news events. Examples mentioned are the recent earthquake in Nepal and the disappearance of Malaysian Airlines flight MH370.
– But in the case of Putin, it was tailor-made for the Nordic countries, and the purpose was likely to get hold of information about the foreign service and diplomatic discussions. There was no mass mailing, says Jen Weedon.
The information about the cyber attacks appears in a new report released today by FireEye. The company follows a total of about 100 groups that engage in hacking internationally. From the Russian side, it is Nordic authorities and energy companies competing with Russian companies that are exposed to cyber attacks.
– Energy prices are now very important for Russia, and we have seen intrusions designed to get hold of inside information about product strategies, pricing and negotiating positions, says Jen Weedon.
Regarding Russia, one also sees connections between intelligence groups engaged in political intelligence gathering through cyber attacks and criminal networks that steal information from companies.
– We cannot prove that this is so. But we have seen that the groups that, for intelligence reasons, have attacked NATO, Georgia and the OSCE are using infrastructure similar to that of the criminal groups that attack businesses, says Jen Weedon.
From the Chinese side, attacks against Nordic companies are directed mainly at activities related to the Arctic, for example information about energy and new shipping routes.
Overall, according to figures from FireEye, the median time an attacker is inside the attacked computer systems, with access to information, before being discovered is now 205 days.
Security companies are often criticized for exaggerating cyber threats to earn money. Comment?
– I will not speculate on what others do. But I’m quite confident in saying that we do not. We are happy to share what we know with the police and authorities, says Jens Monrad, systems analyst at FireEye.