Russian cyber spies targeting NATO countries in new hacking campaign

Cyber spies suspected of working for Russia’s foreign intelligence service (SVR) are targeting NATO countries in a recent hacking campaign, according to a new industry report.

The hackers are using online storage services such as Google Drive and Dropbox to avoid being detected, said cyber security company Palo Alto.

The hacking attempts have included phishing emails containing an agenda for an upcoming meeting with an ambassador as a lure, and were sent to several Western and NATO diplomatic missions between May and June of this year.

A spokesperson for Dropbox told Sky News: “We can confirm that we worked with our industry partners and the researchers on this matter, and disabled user accounts immediately.”

Palo Alto assessed that the attackers are part of the same organisation blamed for the SolarWinds breach in 2020, which gave Russia’s spies access to the networks of at least nine US government agencies.

The success of that spying operation – which was only detected when the hackers also decided to steal tools from US cyber security company Mandiant – prompted a significant response from US authorities.

It led to the US announcing new sanctions on Russia and its officials, although Russian government spokespeople repeatedly denied being to blame.

At the time, Microsoft president Brad Smith called the supply-chain attack “the largest and most sophisticated attack the world has ever seen”, although some commentators criticised this description.

Unlike hacking groups associated with the GRU, Russia’s military intelligence agency, the SVR is considered to conduct more covert operations.

The US Cybersecurity Infrastructure Agency said that the SVR hackers have “demonstrated patience, operational security, and complex tradecraft” in previous attacks.

When GRU hackers were found to have breached the Democratic National Committee following the 2016 elections in the US, researchers discovered that the SVR had also been present on those networks – and had actually already been there for a year.

The two organisations appeared to be unaware of each other’s efforts.

Some of the phishing lure emails posed as being from the Portuguese Embassy. Pic: Palo Alto

The recent espionage efforts come as the NATO alliance prepares to welcome two new members in response to the Russian invasion of Ukraine.

In June, the alliance confirmed that Sweden and Finland will be formally invited to join at the same time as it announced a “new strategic concept”.

Setting out a blueprint for threats and challenges, NATO promised to “defend every inch” of its territory as it outlined a “deterrence and defence posture” based on a mix of “nuclear, conventional and missile defence capabilities”.