Last April, the French television broadcaster TV5 Monde was hacked. The attackers took its TV channels off the air and posted rogue content on its website and social feeds.
The perpetrators, purportedly, were part of an ISIS-linked hacking group called CyberCaliphate.
Now, French authorities believe a group of Russian-sponsored hackers known as APT28 is behind the TV5 Monde attack and framed CyberCaliphate.
And cybersecurity experts with knowledge of APT28 agree with this hunch.
APT28 has been around for quite some time and has been known to perform cyberespionage for the Russian government. The cybersecurity firm FireEye released a report about APT28’s operations in October of 2014, describing its source as coming from a “government sponsor based in Moscow.”
That report was published over 6 months ago and FireEye has continued studying APT28’s operations. Laura Galante, FireEye’s director of threat intelligence, tells Business Insider that it too sees evidence of APT28 being behind the TV5 Monde hack.
According to Galante, the infrastructure used to attack the broadcasting company was similar to APT28’s. Further, the website where CyberCaliphate took credit for the attack was registered “in the same domain box where we’ve seen APT28 register other infrastructure,” Galante said.
Given all this, Galante said that she strongly suspects that “APT28 was behind the TV5 Monde breach.”
All the same, the French target appears a bit out of character for the Russian hacking group. According to FireEye’s first report, APT28 generally targets “insider information related to governments, militaries, and security organisations that would likely benefit the Russian government.”
Moreover, the hacking group’s operations are generally carried out in the name of espionage and not simply to wreak public havoc.
Galante agreed that this attack would be a “divergence” from APT28’s usual tactics. At the same time, she told Business Insider that FireEye has seen “media or influencers being targeted” by these groups.
She added that no one actually knows the entirety of what the hackers did to TV5 Monde. While we know the attack caused a great deal of destruction to the broadcaster’s infrastructure, there is a distinct possibility that this operation did more than just take a broadcaster down and post menacing content.
Despite these new claims, investigators are still looking into the matter. FireEye says it will continue looking into APT28’s actions, and the BBC reports the French authorities will continue their investigation into the hack.