2. SVR Took Advantage Of Kaseya Chaos To Gather Intel
The SVR is looking to take advantage of the chaos created by Friday’s REvil ransomware attack against Kaseya and its MSP customers to go after valuable intelligence targets, a source familiar with the matter told Bloomberg. FireEye’s Mandiant incident response division has observed Russian government hackers carrying out breaches in recent days, Mandiant Senior Vice President Charles Carmakal told Blomberg.
“No question, the Russian government is absolutely benefiting from security companies and intelligence organizations being so focused on ransomware right now,” Carmakal told Bloomberg. “But the question is, is the Russian government providing tacit approval for ransomware operators or are they providing instructions? I don’t know.”
REvil’s noisy and disruptive ransomware attack against Kaseya provided cover for the Russian foreign intelligence service to engage in intelligence collection, Johns Hopkins Professor Thomas Rid said on Twitter. “At-scale ransomware attacks probably facilitate espionage to some degree by pinning down incident responders and security professionals across the land,” Rid wrote at 10:23 p.m. ET Tuesday.