Criminals, Not State Actors, Target Russian Oil Company in 3-Year Cyber Attack

A fairly complex advanced persistent threat (APT) against the large Russian oil company Rosneft was discovered last year, though it started roughly three years before. The attack took the form of malicious macros embedded in Microsoft Word documents targeted at Russian speakers, which the bad actors would use to try to find valuable information like passwords. Then, the actors would obtain other credentials by directing users to fake websites and use the information gathered to log into emails and recover bank account information. At first glance, this multi-pronged and long-term plan seems like a tactic that Russian government-sponsored actors would take. After all, Rosneft controls a significant part of the critical infrastructure in Russia. However, the malicious actors in this situation were motivated by financial gain rather than obtaining information and control. Security company Cylance, which discovered the attack, has concluded that this is the work of private actors interested in money rather than state-sponsored actors.
Elizabeth Montalbano
The Security Ledger, A Cybersecurity Blog