Czech Authorities Dismantle Alleged Russian Cyber-Espionage Network (Oct 22, 2019)
Czech authorities have uncovered and dismantled a Russian cyber-espionage network operating from within the country. The network was set up through several hardware and software companies to launch cyber attacks, and was funded from the Russian embassy in Prague. Its server infrastructure was intended for cyber attacks against the Czech Republic as well as EU and NATO allies. The network was dismantled in March 2019, but this has only now been officially confirmed.
Recommendation: Defense-in-depth is the best way to protect against APTs. Defense-in-depth involves layering defensive mechanisms: network and endpoint security, social engineering training for staff (such as exercises that help them recognise phishing emails), and robust threat intelligence capabilities. This case also holds lessons for security researchers regarding attribution: because the infrastructure was hosted inside the Czech Republic and fronted by local companies, the true origin of the activity would have been difficult to determine without close scrutiny.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.