A newly discovered pro-Russian cybercriminal group called Cyber Spetsnaz has been exploiting the current geopolitical conflict between Russia and Ukraine to organise cyber-espionage campaigns.
The recently uncovered group is an elite cyber offensive armada that exclusively targets the infrastructure of the North Atlantic Treaty Organisation (NATO). This month, the cyber-espionage group developed a new division dubbed Sparta, which mainly targets NATO, its members, and allies.
Moreover, the Sparta division revealed that it is an official ally of another threat actor called Killnet Collective. Cybersecurity experts stated that the key responsibility of the Sparta division is to run cyber-espionage campaigns to steal financial intelligence, sensitive data, and internet resources from NATO, its allies, and members.
Cyber Spetsnaz includes several divisions that oversee different tasks.
Last April, the Cyber Spetsnaz group created its first division, Zarya, made up of experienced intrusion testers, hackers, and OSINT specialists. The group also announced Operation Panopticon, which is intended to recruit approximately 3,000 volunteer cyber offensive hackers.
The recruited hackers have already participated in cyberattacks against the Ukrainian Government, European countries, and private organisations. Cyber Spetsnaz’s other divisions, such as Rayd, Vera, Mirai, Jacky, Phoenix, DDoS Gung, and Sakurajima, worked together to launch widespread distributed denial-of-service attacks.
The hacking organisations targeted several Italian logistics terminals: Trieste, Yilport, TDT, Sech, and VTP. The researchers also noted that several financial institutions suffered the wrath of these attackers.
The recent attacks on government resources in Poland, including its Senate, Border Control, Police, and the Ministry of Foreign Affairs, were attributed to the Red division. Additionally, the threat groups leveraged numerous scripts like DDoS Ripper, Hasoki, MHDDoS, Karma DDoS, Blood, and GoldenEye to abuse misconfigured web servers.
Cyber Spetsnaz members are assigned to specific domains and NATO infrastructure so that their attacks are coordinated and the campaign stays consistent.
The group is strongly suspected of being Russian-backed. Its increased activity implies that its close collaboration could seriously impact many organisations and pose a considerable threat to cybersecurity experts.