The involvement of a Russian hacking group posing as ISIS/ISIL militants in the April cyberattack that crippled a French-language broadcaster has been identified, claims French investigating team.
The latest findings have raised questions about the hidden agenda behind such an assault that initially appeared to be aimed at spreading extremist propaganda.
The “CyberCaliphate” group targeted and took control of BBC News transmission and TV5Monde’s Paris headquarters’ computer systems on April 8 and posted a pro-ISIS message on the channel’s social media accounts. The hackers also blacked out the company’s global TV channels for a few hours.
First impressions were that this attack was a new level of sophistication in cyberattack prowess has been achieved by the militant group.
However, further investigations into the matter revealed startling facts about the real perpetrators behind the TV5Monde attack.
An official spokesperson of the Paris prosecutor’s office announced that the real hackers could possibly be part of a Russian group that calls itself APT28 or Pawn Storm, reports The Wall Street Journal.
Evidence suggest that the IP addresses used for hosting a website of CyberCaliphate were involved in the attack as well as other techniques were employed by the hackers. The information matched those deployed in the previous attacks from the Russian group.
According to the spokesperson:
“We’re focusing on the Russian angle.” She also added that currently there is currently no substantial proof of involvement of Islamic State.
The Russian government, however, has denied its involvement in hacking whereas U.S cybersecurity firms suspect circumstantial evidence show government’s’ sponsorship of hacker groups including the one identified by the French government.
The Europe, Middle East and Africa branches President of cybersecurity firm FireEye Inc., Richard Turner stated:
“All of our attribution tends to suggest this is an organization that is focused on furthering the objectives or gathering intelligence that is of use to the Russian government. The evidence points to a nation-state.”
The firm states that its team independently verified the hack attack and it turned out that the attacker used infrastructure that was linked to APT28. Moreover, there is evidence available suggesting that the same group had set eyes on TV5Monde since February.
Some of the previous hacks conducted by ISIS hackers:
1. On January 26, 2015 the official website of Malaysian Airlines was hacked by ISIS hackers
2. On Newsweek Twitter account hacked by ISIS hackers
3. On 14th February, 2015 Website of UAE’ oldest newspaper Al Ittihad hacked by ISIS hackers
4. On February 26, 2015 Chile’s Ministry of Defense website was hacked by ISIS hackers
5. On March 22, 2015 ISIS released alleged hacked hit list of 100 U.S. Military Personnel.