A 2014 leaked private report from Google shows how much the internet giant knows about government hacking groups.
By Lorenzo Franceschi-Bicchierai | MOTHERBOARD
In October of 2014 an American security company revealed that a group of hackers affiliated with the Russian government, dubbed APT28, had targeted Georgia and other Eastern European countries in a wide-ranging espionage campaign. Two and a half years later, APT28—also known as "Fancy Bear" or "Sofacy"—is a household name not just in the cybersecurity industry, but in the mainstream too, thanks to its attack on the US Democratic party and the ensuing leaks of documents and emails.
Before that report by FireEye, APT28 was a well-kept secret within the cybersecurity industry. At the time, several companies were willing to share information about the hacking group. Even Google investigated the group, and penned a 40-page technical report on it that has never been published before.
This sort of document, which Motherboard obtained from two independent sources, may be a common sight in the threat intelligence industry, but the public rarely gets to see what such a report from Google looks like. The report draws from one of Google’s most interesting sources of data when it comes to malware and cybersecurity threats: VirusTotal, a public malware repository that the internet giant acquired in 2012.
Sofacy and X-Agent, the report read, referring to the malware used by APT28, "are used by a sophisticated state-sponsored group targeting primarily former Soviet republics, NATO members, and other Western European countries."