Russia APT Map of 22,000 Connections with 2,000 Malware Samples

Admin  |  2019-09-25

Interactive Map Provides Full Overview of Russian Hacking Groups

For years, a large number of hacking groups in Russia have been known as some of the most experienced players in cyberspace, developing highly specialized hacking skills and devices for cyber espionage.

Groups like Fancy Bear, Turla, and Cozy Bear were behind many high-profile incidents, from the US presidential elections to blackouts in Ukraine.

The "Russian APT Map"

To simplify the complex ecosystem of Russian Advanced Persistent Threat (APT) groups, researchers from Intezer and Check Point Research released a web-based interactive map. Dubbed the "Russian APT Map," it allows anyone to explore the connections between different malware samples, families, and threat actors.

"By clicking on nodes in the graph, a side panel will reveal, containing information about the malware family the node belongs to, as well as links to analysis reports..."

The Research Behind the Map

The map is the result of comprehensive research involving the analysis of over 2,000 malware samples attributed to Russian hacking groups. Researchers mapped nearly 22,000 connections between them based on 3.85 million pieces of shared code.

A key finding is that groups generally did not share code, instead using their own distinct tools. This avoids a domino effect where one exposed operation could compromise others. To keep the map up to date, the researchers have open-sourced both the map and its underlying data.
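The sketch below is an added example, not code from Intezer or Check Point Research. It shows how connections based on shared code can be derived and then checked for overlap between actors. The sample names, actor labels and fragment fingerprints are constructed, and treating each sample as a set of fragment fingerprints is an assumption about the representation.

```python
from collections import defaultdict
from itertools import combinations

# Constructed data: sample -> (actor label, fingerprints of its code fragments).
SAMPLES = {
    "sample_a1": ("ActorA", {"f01", "f02", "f03", "f10"}),
    "sample_a2": ("ActorA", {"f02", "f03", "f04"}),
    "sample_a3": ("ActorA", {"f04", "f05"}),
    "sample_b1": ("ActorB", {"f20", "f21", "f22"}),
    "sample_b2": ("ActorB", {"f21", "f22", "f23"}),
    "sample_c1": ("ActorC", {"f30", "f31"}),
}

def build_connections(samples, min_shared=1):
    """Return {(s1, s2): shared fragments} for pairs sharing >= min_shared fragments."""
    # Inverted index (fragment -> samples) so only co-occurring pairs are visited.
    index = defaultdict(set)
    for name, (_, frags) in samples.items():
        for frag in frags:
            index[frag].add(name)
    edges = defaultdict(set)
    for frag, names in index.items():
        for a, b in combinations(sorted(names), 2):
            edges[(a, b)].add(frag)
    return {pair: fr for pair, fr in edges.items() if len(fr) >= min_shared}

def clusters(samples, edges):
    """Group samples into connected components (union-find over the edges)."""
    parent = {s: s for s in samples}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for a, b in edges:
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for s in samples:
        groups[find(s)].add(s)
    return sorted(sorted(g) for g in groups.values())

def cross_actor_edges(samples, edges):
    """Connections whose two endpoints carry different actor labels."""
    return sorted(p for p in edges if samples[p[0]][0] != samples[p[1]][0])

if __name__ == "__main__":
    edges = build_connections(SAMPLES)
    print(len(edges), "connections;", clusters(SAMPLES, edges))
    print("cross-actor connections:", cross_actor_edges(SAMPLES, edges))
```

An empty cross-actor list on this constructed data mirrors the reported finding: code reuse stays inside each actor's own toolset, so clusters align with actor labels.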