Security firm F-Secure has accused a hacking group called The Dukes of being state-sponsored by Russia, and assaulting multiple Western government organisations, grabbing lots of data in the process.
According to a whitepaper (PDF) on the group published by F-Secure, the group has been running wild for the past seven years.
Specific targets of the attacks discussed in the report include the former Georgian Information Center on NATO (now called the Information Center on NATO and EU), the Ministry of Defense of Georgia, the ministries of foreign affairs in both Turkey and Uganda, and other government institutions and political think tanks in the United States, Europe, and Central Asia.
“The Dukes are a well-resourced, highly dedicated and organised cyber espionage group that we believe has been working for the Russian Federation since at least 2008 to collect intelligence in support of foreign and security policy decision making,” the F-Secure report stated.
The Dukes use nine different variants of malware toolsets, including MiniDuke, CosmicDuke, OnionDuke and CozyDuke, to carry out its attacks, which are of a ‘smash and grab’ nature.
“These campaigns utilize a smash-and-grab approach involving a fast but noisy break-in followed by the rapid collection and exfiltration of as much data as possible. If the compromised target is discovered to be of value, the Dukes will quickly switch the toolset used and move to using stealthier tactics focused on persistent compromise and long-term intelligence gathering,” the whitepaper said.
It is also said that the group paid little to no attention to leaving its tracks, suggesting that it has no fear of any repercussions.