15 Mar 2016

Cyber politics: Why did Putin unleash APT28 on Turkey?

The alleged Russian espionage campaign targeted the Turkish government network. Its recent deployment shows Putin as a cautious, cunning leader, not just a cyber war hawk.
 
APT28 (also known as Pawn Storm) targeted Turkey’s government bodies, high-ranking state officials, and local media. According to Trend Micro, the allegedly Russian group deployed fake OWA servers and launched spear phishing attacks on several Turkish targets, such as the Parliament’s network and the Prime Minister’s office.
 
This was just a matter of time; each and every one of Russia’s rivals and enemies in the international arena has been attacked by this group, which has been operating since 2007. This APT group is known by many names (Sofacy, Fancy Bear, Sednit, Strontium, and more) and uses varying tools, but its objectives don’t change much: the group uses advanced malware to spy on government networks, NGOs, journalists, and military bodies whenever Russia finds itself in need of valuable foreign intelligence.

Tensions between Russia and Turkey reached a boiling point last November, after Turkish F-16s downed a Russian Sukhoi Su-24 attack jet in Northeast Syria. The Russian Air Force had been attacking Syrian rebel groups, some of which are of Turkish origin. The rivals haven’t exchanged blows since (aside from some pretty aggressive declarations), but the situation is still very sensitive as Putin expands the Russian intervention in Syria and deploys his cyber resources.

One might think that these cyber attacks are further proof of Russia’s aggressive foreign policy, and wonder if President Vladimir Putin will ever stop crossing international red lines. But the APT28 campaign’s deployment shows us how smart, restrained and cunning the Russian leader is.


A cunning leader. Putin.

Putin is considered aggressive when compared to predecessors such as Medvedev or Yeltsin – but his use of cyber resources makes him far more cautious. He operates in dangerous waters, as relations between Russia, the EU, and the USA have continued to deteriorate during the last decade due to the Russian military campaigns in Chechnya, the invasion of Georgia and Ukraine, and the Russian intervention in the Syrian civil war.

The Syrian civil war is different from the previous Russian campaigns, because in this case, other world powers operate in the same region and support different sides. Russia is helping the Syrian government, presumably in order to keep President Bashar al-Assad in office, since he is one of the Russian defense industry’s best clients. Actually, Syria bought Russian tanks, anti-aircraft platforms, and other military hardware back in the 1980s and 1990s and still hasn’t paid for it all. Who knows if the individual who replaces Assad will be able to pay up? But while Putin’s forces hit Syrian rebel camps, other forces support these rebels – or target one specific, well-known opposition group: ISIS.

This usage of cyber resources is a smart move; the attackers’ goal is probably data theft or continuous surveillance, meant to provide strategic intelligence for Russian decision-makers. Cyber attackers can damage infrastructure, as was seen in the blackout caused just two months ago in Ukraine. But Putin probably wants to keep tensions at a manageable level in an effort to prevent sabotage operations from taking place in the near future.

We will probably see APT28’s activity spike in the coming months, as Russia’s involvement in the Syrian conflict continues. Who will be targeted next? There are several international forces that support the Syrian rebels – the USA, Germany, France, Egypt, Italy, and the UK, to name a few. All of them try to avoid crossing paths with Russian operations in Syria, but Putin keeps expanding his involvement, so such a collision might be only a matter of time.