On February 7, the Ministry of Digital Development, Communications and Mass Media of the Russian Federation announced the creation of a “digital attaché” service. Officially, this service will promote Russian IT products on the international market, although even Russian publications do not believe this, openly calling this initiative “the new front of the Russian Federation’s opposition to the West” (archive). It was announced that in 2022 Russian “digital attachés” would start working in 16 countries, including Germany, Turkey, Brazil, Vietnam, Egypt, India, Iran, Kazakhstan, Uzbekistan, Cuba, Malaysia, UAE, Singapore, Thailand, South Africa, and South Korea. And if the initial results are good, in 2024, the geography of the Russian presence is planned to expand to 28 countries.
It is known that a significant number of the Russian diplomatic corps abroad are engaged in espionage and active measures of influence. Therefore, it can be expected that “digital attaches” will use the implementation of Russian software products as opportunities for espionage and the creation of backdoors to disrupt the information systems of those countries.
Examples of cyber operations of the Russian Federation
It is noteworthy that Russian hacker groups affiliated with the General Staff of the Russian Armed Forces, the Russian Foreign Intelligence Service and the FSB have been repeatedly exposed in cyber operations against a number of countries, including Ukraine, Poland, Great Britain, USA, Estonia, Georgia, France, Germany, and others. A characteristic feature of these operations was interference with information systems and critical infrastructure and attempts to influence elections or the political situation in these countries. Let us recall some examples.
Attacks in the United States
In 2016, there were reports of the Russian APT29 hacker group, which is directly linked with the Russian Foreign Intelligence Service, interfering in the information systems of the US Democratic National Committee. Russian hackers have repeatedly attempted to interfere in the US election.
Attempts to steal data on COVID-19 vaccine development
Russian special services also tried to disrupt the development of COVID-19 vaccines and steal research materials to use in a hybrid vaccine and to present the Russian Federation as a “savior of mankind” (this was to help lift sanctions for the Russian occupation of Crimea and its aggression against Ukraine in the Donbas). In 2020, Reuters published a statement of Britain’s National Cybersecurity Center (NCSC) that Russian hackers had tried to steal research into COVID-19 vaccines and treatments from academic and pharmaceutical institutions around the world. A coordinated statement from the United Kingdom, the United States, and Canada identified APT29, also known as Cozy Bear, as the perpetrators of the attacks.
Attempts to steal data of the investigation of the crash of Flight MH17
It is known that the Cozy Bear group was able to penetrate the systems of the Dutch Police Academy in 2017. The attack was observed by the Dutch secret service AIVD, which warned police about the hack. Russian hackers tried to steal data related to the investigation of the crash of Malaysia Airlines’ flight MH17. The plane was shot down on July 17, 2014 in the sky over the Russia-occupied part of Ukraine by a Russian Buk SAM, which belonged to the 53rd Anti-Aircraft Missile Brigade of the Russian Armed Forces. On May 24, 2018, the authorities of Australia and the Netherlands officially accused Russia of destroying a passenger aircraft in the sky over the Donbas.
Cyber-attacks on state institutions of Ukraine in January 2022
Since 2014, Russian special services and hacker groups affiliated with them have been actively conducting their own cyber operations against Ukrainian computer systems. They have been carring out computer sabotage aimed at the critical infrastructure of Ukraine, government websites, as well as Ukrainian mass media.
Another large-scale attack took place on the night of January 13-14, 2022. Russian hackers tried to carry out an operation under a false flag to damage the friendly relations between Ukraine and Poland. The Permanent Representative of Poland to the EU, Ambassador Andrzej Sados, said that the Polish government had information that a group of hackers affiliated with Russian intelligence services had attacked Ukrainian websites.
The undeclared cyber war has been going on for many years. And the special services of the Russian Federation are actively attacking not only Ukraine, but also the EU and NATO countries. However, against the background of growing cyber threats, there is also a constant increase in the strength of cybersecurity, which is receiving more and more attention. Therefore, Russian hackers and intelligence services are not always able to access important information and systems. Sometimes physical access or deployment of software with built-in backdoors are needed for a successful intrusion. It is possible that this is the purpose of the new “digital attaché” service of the Russian Federation, which will start operating in 2022 in 16 countries simultaneously. This “special service” will lobby for the use of Russian software and the purchase of Russian IT products. For Russia, this is not only an opportunity to improve its finances but also an additional route for offensive action in cyberspace.
Read InformNapalm reports on related subjects:
- Proofs of the Russian Aggression: InformNapalm releases extensive database of evidence
- Volunteers gathered evidence of 35 Russian military units taking part in the invasion of Crimea
- Kremlin financing Polish radicals: tasks, payments, and reporting to Moscow
- SurkovLeaks (part 3): analysis of the correspondence of Surkov’s first deputy Inal Ardzinba
Translated by Max Alginin. We welcome redistribution and reprinting of our materials with reference to the original source (Creative Commons – Attribution 4.0 International – CC BY 4.0). InformNapalm social media pages: Facebook / Twitter / Telegram / Slate (Sl8).
InformNapalm does not receive any financial support from any country’s government or large donors. InformNapalm.org website is kept alive only by the community volunteers and our readers. You can also volunteer or support the development of the unique volunteer intelligence resource with your donations through Patreon.