In recent years, many Russian hacking teams have emerged as some of the most sophisticated cyber threats, using specialized hacking techniques and toolkits for government espionage.
Over the last three decades, many high-profile hacking episodes, such as the US presidential election hack, the NotPetya ransomware outbreak, the power blackout in Kiev and the breach of the Pentagon's network, have been attributed to Russian hacking teams, including Fancy Bear, Turla, Cozy Bear, Sandworm Team and Berserk Bear.
In addition to expanding their capabilities in cyberspace, Russian APT groups have evolved into a complex structure, making it harder to tell who is who in Russian government espionage.
Therefore, to illustrate the big picture and make it easier for everyone to understand Russian hackers and their operations, researchers at Intezer and Check Point Research have worked together to release an interactive, web-based map that gives a complete picture of this ecosystem.
In essence, the Russian APT Map is the result of an in-depth study in which the researchers collected, sorted and analyzed more than 2,000 malware samples attributed to Russian hacking teams and mapped almost 22,000
The Russian APT Map also reveals that although most hacking teams reuse their own code across their different tools and campaigns, no two groups were found using each other's code.
In this way, they avoid the risk that one compromised operation will expose other active campaigns, preventing the collapse of a well-structured "house of cards".
To keep the map accurate and up to date in the future, the researchers have also open-sourced the map and its underlying data.
In addition, the researchers have released a YARA-rule-based scanning tool called "Russian APT Detector" that anyone can use to scan a specific file, folder, or entire file system for signs of attacks and infections by Russian hacking groups. Being signature-based, it only flags samples whose code the published rules already cover.