A cyber espionage group is suspected of having repeatedly tried to break into government infrastructure in recent weeks, sources have told Times of Malta.
Russian hackers known as Turla have been identified as the likely culprits after the Malta Information Technology Agency (MITA) detected a cyber-attack on one of the government’s web hosting facilities earlier this month.
A web hosting service is what organisations use to put their website on the World Wide Web and breaking into it could allow hackers access to sensitive information such as email correspondence or government-held databases.
Alternatively, the attack could have been intended to be disruptive and allow hackers to potentially bring government systems to a halt.
Sources said the attack was detected by MITA’s cyber security defence system and blocked by Malta’s Cyber Defence Incident Response team.
The attacks first began around May.
The sources said Microsoft’s Specialised Security Services had also been brought in to assist in reviewing the attempted hacks and provide a post mortem.
The Microsoft experts last month informed the Maltese authorities that the local attacks had similar traits to those on IT infrastructures of other governments in recent months.
The most likely suspects were Turla – also known in the hacking community as Waterbug, KRYPTON and Venomous Bear – a hostile cyber espionage group known to access sensitive government information and trade it.
Although there had been repeated attempts to gain access to the government’s web hosting facilities in recent months, the sources said that the Maltese systems had not been compromised.
The efforts to gain access came in the form of what are known as Advanced Persistent Threats – in which unauthorised access to a network is normally achieved and remains undetected for lengthy periods before it is used by hackers.
The Maltese authorities have also engaged Microsoft to assist them in protecting national infrastructure.
The Malta Security Services are also providing assistance by passing on intelligence from foreign counterparts, the sources told Times of Malta.
This is not the first time that a foreign hacking group has been suspected of targeting Malta. Back in 2017, a Russian collective known as Fancy Bear were suspected of singling out Maltese systems as the island assumed the EU presidency.
At the time, Times of Malta had reported on a “threat intelligence report” commissioned by MITA that had raised the possibility of the group being behind an increase in hacking attempts.
The attacks had sought to infect local networks with Malware. This was done by launching “aggressive” phishing campaigns – attempts to obtain sensitive information, such as usernames or passwords, by disguising as a trustworthy entity in an electronic communication.