That’s according to growing evidence identified by Google researchers, according to one media outlet. During the past few months, Mandiant -- Google’s cybersecurity group, acquired in a deal that closed earlier this month -- observed what researchers believe to be some sort of coordination between pro-Russian hacking groups and cyber break-ins by Russia’s military intelligence agency.
Mandiant’s researchers say that in four instances they observed hacking activity linked to Russia’s military intelligence agency, or GRU, in which malicious software was installed on a victim’s network. They call it “wiper” software that caused disruption by destroying computer systems across the organization, The Wall Street Journal reports.
Following each hack, within 24 hours of the wiping, the hacktivist organizations published data stolen from the same organizations.
Three pro-Russian hacktivist groups — XakNet Team, Infoccentr and CyberArmyofRussia_Reborn — have been involved, according to the WSJ, citing information from Mandiant.
Close links between hacktivists and Russian security forces have long been suspected by cybersecurity experts.
John Hultquist, vice president of intelligence analysis at Mandiant, told the WSJ that now that XakNet has established itself as a hacktivist group, it could be used as a cover for a more-serious cyber operation directed by Russian intelligence. “These actors can’t be taken lightly,” he told the WSJ, referring to the GRU. “They are capable of turning out the lights.”
On September 9, in a blog post, Mandiant wrote explained it was tracking these groupe that support Russian interests. “These groups have primarily conducted distributed denial-of-service (DDoS) attacks and leaked stolen data from victim organizations,” the company wrote. “Although some of these actors are almost certainly operating independently of the Russian state, we have identified multiple so-called hacktivist groups whose moderators we suspect are either a front for, or operating in coordination with, the Russian state.”
The post goes on to explain that Mandiant is being careful to reserve judgement as to the “composition of these groups and their exact degree of affiliation with the GRU.”