The hacking efforts come as Russia’s invasion of Ukraine continues to sour US-Russia relations and drive intelligence-gathering efforts by both governments.
“In the last months, [the hacking group] has compromised the networks of US-based organizations that have data of interest to the Russian government,” said Charles Carmakal, senior vice president and chief technology officer at US cybersecurity firm Mandiant, which responded to the hacks. Carmakal declined to elaborate on the types or number of US organizations that had been breached.
In separate activity disclosed on Tuesday, US cybersecurity firm Palo Alto Networks said the Russian hacking group used popular services such as Dropbox and Google Drive to try to deliver malware to an unnamed European government’s embassies in Portugal and Brazil in May and June. While it’s unclear how successful those hacking attempts were, they could give hackers a foothold in computer networks to gather intelligence, Jen Miller-Osborn, deputy director of threat intelligence at Unit 42 at Palo Alto Networks, told CNN.
The two hacking campaigns offer the latest example of how the elite Russian hacking group has tried to evade the US government and the private investigators pursuing it.
The Russian hacking group is best known for using counterfeit software built by federal contractor SolarWinds to breach at least nine US agencies in activities that came to light in December 2020. The attackers went undetected for months on the unclassified email networks of the departments of Justice, Homeland Security and others. The group continued to target US and European government networks, and the software providers that serve them, throughout 2021, according to researchers.
Google and Dropbox told CNN they took steps to prevent the latest hacking activity.
“We were aware of the activity identified in this report and had already taken proactive measures to protect any potential targets,” said Shane Huntley, senior director of Google’s Threat Analysis Group. A Dropbox spokesperson told CNN that the company “disabled user accounts” involved in the alleged Russian hacking campaign “immediately” after they were reported.
Russian surveillance of Ukrainian hackers
Another sign of Russia’s voracious appetite for information came on Tuesday, when researchers from Google’s Threat Analysis Group (TAG) exposed a possible effort, linked to Russia’s FSB intelligence agency, to track down Ukrainian hackers who have targeted Russian organizations.
The hacker group created a web application designed to mimic a tool used by Ukraine’s IT Army, a hacker group encouraged by the Ukrainian government that has targeted Russian corporate and government websites, according to Google. From there, hackers might have been able to track who downloaded the app and potentially gather information about Ukrainian hackers who were a thorn in the side of the Russian government. Someone even posted a link to download the buggy app on the Ukrainian IT Army’s Telegram channel, according to Billy Leonard, a security engineer at Google TAG.
The group responsible, Leonard said, is known as Turla. It is considered one of the Russian government’s top espionage groups along with the hacking group responsible for the SolarWinds intrusions and other groups, and has been linked to skilled attackers of Western government networks for years.
Since Russia’s full-scale invasion of Ukraine in February, Turla has targeted government agencies in Latvia, Lithuania and other European countries, Leonard said. But this was the first time the hackers had been spotted in Ukraine in four or five months, Leonard told CNN.
Adrian Nish, a cybersecurity executive at BAE Systems Applied Intelligence, who also observed the Turla activity, said it made sense for Russian hacking groups to look to Ukraine for new information as the war continues. “Given Russia’s faltering progress in achieving its goals in Ukraine, it is to be expected that state intelligence efforts are focused on gathering intelligence and disrupting opposition forces in any way they can,” Nish told CNN.