21 Feb 2016

Russia steps up Syria cyber assault



The aftermath of a Russian airstrike in Aleppo

Russia is mounting a far-reaching cyber espionage campaign against Syrian opposition groups and NGOs, as Moscow seeks to influence the flow of information on the country’s humanitarian crisis and obscure the full extent of its military operations there.

Targets include some of the most important human rights organisations and aid groups operating in the country, such as the Syrian Observatory of Human Rights, which reports on military incidents and is frequently cited in western media outlets, the Financial Times has learnt. The operation shares many of the hallmarks of Moscow’s sustained hacking campaign against the Ukrainian government in 2013 and 2014.



Details of the Syrian campaign were discussed with two senior intelligence officials, one from Europe and one from a country neighbouring Syria. The operation was large in scale and systematic in nature, one of them said, speaking on condition of anonymity, adding that the campaign was directed by the FSB, Russia’s state security agency.

Governmental and private sector groups have also been heavily targeted in Turkey, reflecting Ankara’s role as a protagonist in the battle for Syria. “There’s a major Russian cyber response right now because of a worsening relationship [with Ankara],” the regional intelligence official said, citing Turkey’s shooting down of a Russian jet in November as a turning point.

It is unclear just how many organisations have been compromised, but the malware used by the Russian agents could be used to erase data, propagate disinformation from official accounts or gather intelligence on highly sensitive targets gleaned from NGOs’ contact books.

Western intelligence agencies fear that this could allow Russia to mount a significant disinformation campaign if it chooses to, greatly complicating an already complex situation.

Officials and politicians in the US-led alliance fighting against Isis in Syria believe that Russia is deliberately “weaponising” the Syrian refugee crisis by attacking civilian targets in the country to increase pressure on Europe.

Richard Turner, head of Middle East and Europe at FireEye, the cyber security group, said that his organisation had tracked Moscow’s cyber campaign against Syrian organisations since December, adding that it had been growing in size since the start of the year.

“APT 28 and other Russian groups are now really focusing their attention on the collection of data on Syrian groups, particularly those focused on human rights and the monitoring of Russian military activity,” Mr Turner said. “It’s a very significant operation.” APT 28 is one of Russia’s most highly sophisticated cadres of state-backed hackers, and has been researched in the past by FireEye and other commercial cyber security groups.

“Clearly this is to enable them to respond politically . . . to target [the groups] for information warfare and to have an impact on the conflict itself,” he added.

The Syrian cyber attacks are mounted using fake replicas of legitimate organisations’ websites, which infect computer users when they are accessed. They also involve crafting cleverly disguised emails with malign attachments designed to look like trusted personal correspondences, press releases or official notices.

“It could be for two reasons,” said Jens Monrad, global intelligence liaison at FireEye. “One is to send out false information from those groups, or they could be using their credentials as stepping stones to go on and target other individuals or organisations. It all fits with Russia’s traditional information warfare doctrine.”

Source: FT Asia