Russian state hackers rarely share code with one another

Posted on Oct 5, 2019

A first-of-its-kind research project highlights the connections between nearly 2,000 samples of Russian APT malware.

Russia’s state-sponsored hacking groups rarely share code with one another, and when they do, it’s usually within groups managed by the same intelligence service, a new joint report published today reveals. The report, co-authored by Check Point and Intezer Labs, is the first of its kind in its field.

The two companies looked at nearly 2,000 malware samples that were previously linked to Russian state-sponsored hacking groups, in order to get an idea of how these samples relate to each other. Their investigation found 22,000 connections and 3.85 million pieces of code that were shared among the malware strains. The conclusion of this vast research effort was that Russian APTs (advanced persistent threats, a term used to describe government-backed hacking groups) don’t usually share code with one another.

Furthermore, in the rare instances when they do, code reuse usually occurs inside the same intelligence service, showing that Russia’s three main agencies in charge of foreign cyber-espionage operations don’t collaborate on their campaigns.