In Putin’s Russia, Computer Hacks You! Following Russia’s Shadowy Hacker Unit, “APT28”

In the battle for cyber-dominance, three points to Russia’s Hacker Unit APT28. According to a recent FireEye report, “Russia has long been a whispered frontrunner among capable nations for performing sophisticated network operations.” While many western nations have idled in setting the rules of the game, Russia has quietly marked up its scorecard.

According to the report, the group has regularly used lures in numerous attempts to hack NATO, the Baltic States, and European governments in furtherance of Russian interests, “collecting intelligence that would only be useful to a government.”

Past attacks attributable to the group include a wave of cyber-attacks against Estonia’s banks and government agencies in 2007, and cyber-strikes that coincided with Russia’s 2008 conflict with Georgia. For being among the first to strike, and the first to coordinate conventional warfare with the emerging cyber-battlefield, score one point for Russia.

Tally a second point for APT28 after it planted its flag on the White House in the last few weeks.  According to the Washington Post, U.S. officials were alerted to the breach by an ally; the attack, which caused multiple service outages to unclassified White House networks and potentially resulted in data theft, is still under investigation.

A third point may be awarded for spearheading a cyber-operation while effectively remaining in the shadows. Unlike Chinese cyber-operatives in PLA Unit 61398 (more formally known as the General Staff Department (GSD), Third Department, Second Bureau), which suffered a setback to its anonymity when the U.S. charged five Chinese officers in the Unit with cyber-espionage, APT28 cannot yet be more directly attributed to the Russian government, nor has its true identity or name been revealed. The closest anyone has gotten — publicly, at least — is the identification of the group’s regular activity in Moscow and St. Petersburg time zones.

At the EU’s cyber-security exercise last week, the European Network and Information Security Agency reported that “web-based attacks increased globally by nearly a quarter in 2013 from a year earlier, directed from an increasing number of countries.” According to William J. Lynn, III, Former U.S. Deputy Secretary of Defense, “A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States’s global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target.”

The development of binding International Law governing cyber-attacks is long overdue; in its absence, the danger posed by such attacks will continue to mount.

What measures, if any, should the International Community take to sanction cyber-attacks?  Share your thoughts in the comments below.

Related Readings:

Special Report: “APT28: A Window Into Russia’s Cyber Espionage Operations?” FireEye (2014).

Derek Gatopoulos, “EU holds largest-ever cyber-security exercise, defense of critical infrastructure the focus,” AP / U.S. News (Oct. 30, 2014).

John Markoff, “Before the Gunfire, Cyberattacks,” New York Times (August 12, 2008).

Lauren Walker, “White House Computers Hacked by Russian Government, Officials Say,” Newsweek (October 29, 2014).

Ellen Nakashima, “Hackers Breach Some White House Computers,” Washington Post (October 28, 2014).

Adam Jourdan, “China-U.S. cyber-spying row turns spotlight back on shadowy Unit 61398,” Reuters (May 20, 2014).

Brian Knowlton, “Military Computer Attack Confirmed,” New York Times (August 25, 2010).
