In its final report for 2017, the Security Information Service of the Czech Republic (BIS) accused Russia’s military intelligence (GRU) and Federal Security Service (FSB) of committing cyberattacks on the Ministry of Foreign Affairs the Ministry of Defense.
“The MFA electronic communication system had been compromised at least since the beginning of 2016 when the attackers accessed more than 150 mailboxes of the MFA staff and copied them,” the authors state.
According to the Czech side, all the findings make it clear that it was the Turla cyberespionage campaign, originating from the FSB, a Russian intelligence service, and APT28/Sofacy, which is credited to the GRU. In the late 1990s, the FBI and Scotland Yard found in the code of one of Turla-made viruses nicknames of its developers – Iron, Max and Rinat. Also the code included the word Vnuk (Grandson in Russian).
“The BIS detected several attacks against Czech military targets. The most serious included compromising of several private email accounts of people linked to the Ministry of Defense and the Army of the Czech Republic and compromising of an IP address belonging to the Ministry of Defense/Czech Army by a malware known as X-Agent. Although the attackers most likely did not obtain any information, which are considered classified pursuant to Act No. 412/2005 Coll., they obtained numerous personal information and sensitive data that may be used for further attacks and illegitimate activities,” the report reads.
In 2016, the US company CrowdStrike said that hackers had infected programs used in the Ukrainian army with X-agent. The Ukrainian Defense Ministry denied this information.