Cyberespionage Operations Detected in Russia

Cybersecurity experts have identified operations by the cybercriminal group XDSpy, which primarily targets the government sector and industrial enterprises. At least four successful attacks by these perpetrators have been recorded in Russia. Experts link the group's current activity to similar campaigns in Belarus. One theory is that the group is gathering intelligence for a foreign government.

Among those monitoring XDSpy’s activities were specialists from Positive Technologies, who managed to detect four attacks by the group on Russian industrial enterprises and government organizations. Denis Kuvshinov, a cyberthreat researcher at Positive Technologies, stated that XDSpy’s attacks were successful because the captured malware samples were able to collect, encrypt, and transmit intercepted data to the operators’ servers.

According to antivirus experts from ESET, members of the XDSpy group also conduct targeted cyberattacks on government agencies and private companies in Eastern Europe. The criminals apparently concealed their operations skillfully, as the group managed to remain undetected since 2011.

Attack Methods and Victims

Like many similar operations, XDSpy’s campaigns began with phishing emails containing malicious attachments. The majority of the group’s victims are located in Russia, with a smaller number in Belarus.

As the group’s name suggests, the operators are engaged in cyberespionage. The criminals’ presumed goal is to collect intelligence for a foreign government. Experts have not yet named the specific country XDSpy is allegedly working for, but there is a small clue: some malware samples were compiled in Eastern European time zones.

Employees of Kaspersky Lab told the publication “Kommersant” that the group’s operators are highly proficient in the Russian language.