Since at least 2008, a cyber-espionage group known as the Dukes has been conducting systematic cyber attacks in the United States, Europe and Central Asia. The group operates out of Russia, and Finnish data security firm F-Secure has now presented evidence that it operates at the behest of the Russian government.
The group uses nine different malware tools
F-Secure published a report titled The Dukes: Seven Years of Russian Cyberespionage on Thursday. The report links a large number of state-sponsored cyber attacks to the Dukes, a group engaged in intelligence gathering for Russia. The group uses nine different malware toolsets that infiltrate target computer networks and send stolen data back to the attackers.
The group has attacked the Information Centre on NATO in Georgia, the Georgian Ministry of Defence and the foreign ministries of Uganda and Turkey. It has also targeted a number of political think tanks and government institutions in the United States. Notably, the group has built each of the nine toolsets for a specific purpose rather than reusing a single piece of malware against every target.
Evidence that the Dukes are sponsored by Russia
F-Secure researcher Artturi Lehtiö said in a statement that there were plenty of signs pointing to state sponsorship by Russia. F-Secure found Russian-language error messages in the code. Lehtiö said all the attacks by the group were carried out within working hours in Moscow time. Almost all the targets, such as embassies and ministries, were of strategic interest to the Russian government. Most importantly, the Dukes never attacked the Russian state itself.
The Finnish security firm also points out that even after the Dukes’ activities were made public by various security firms, the group did not change its tactics. This strongly suggests that it enjoys a certain level of protection. F-Secure said it was unclear whether the Dukes are an in-house team, an external contractor, a criminal gang trying to make money or tech-savvy patriots. But one thing is clear: the main beneficiary of their work is the Russian government.