Cyber spies suspected of working for Russia’s Foreign Intelligence Service (SVR) target NATO countries in a recent hacking campaign, according to a new industry report.
The hackers are using online storage services such as Google Drive and Dropbox to avoid being detected, cybersecurity firm Palo Alto said.
The hacking attempts involved phishing emails containing an agenda for an upcoming meeting with an ambassador as bait, and were sent to several Western and NATO diplomatic missions between May and June this year.
A Dropbox spokesperson told Sky News: “We can confirm that we have worked with our industry partners and the researchers on this matter and immediately disabled user accounts.”
Palo Alto ruled that the attackers are part of the same organization blamed for the 2020 SolarWinds breach, which allowed Russian spies to access the networks of at least nine U.S. government agencies.
The success of that spy operation – which was only discovered when the hackers also decided to steal tools from US cybersecurity firm Mandiant – sparked a significant response from US authorities.
It led to the US announcing new sanctions against Russia and its officials, although Russian government spokesmen repeatedly denied being to blame.
At the time, Microsoft president Brad Smith called the supply chain attack “the largest and most sophisticated attack the world has ever seen,” although some commentators criticized this description.
Unlike hacking groups affiliated with the GRU, the Russian military intelligence service, the SVR is expected to conduct more covert operations.
The US Cybersecurity Infrastructure Agency said the SVR hackers have “showed patience, operational security and complex trading” in previous attacks.
After the 2016 US election, when GRU hackers breached the Democratic National Committee, researchers found that the SVR was also present on those networks — and had actually been there for a year.
The two organizations appeared to be unaware of each other’s efforts.
Read more: Europe will be ‘much less secure’ if NATO doesn’t expel Putin’s troops, foreign minister warns
Image: Some of the bait phishing emails pretended to come from the Portuguese embassy. Photo: Palo Alto
The recent espionage efforts come as the NATO alliance prepares to welcome two new members in response to Russia’s invasion of Ukraine.
In June, the alliance confirmed that Sweden and Finland will be formally invited to join, at the same time announcing a “new strategic concept”.
Outlining a blueprint for threats and challenges, NATO pledged to defend “every inch” of its territory as it outlined a “deterrence and defense posture” based on a mix of “nuclear, conventional and missile defense capabilities”.