Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too

submitted by
Style Pass
2021-06-09 11:30:04

An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade of Sentinel Labs, before suggesting the malware came from a Chinese entity.

Russian telco and IT services provider Rostelecom and the nation's National Coordination Center for Computer Incidents, an arm of the Russian Federal Security Service (FSB), in May published a joint report that detailed their assessment of attacks on several Russian government entities detected in 2020.

The report said the attacks were made using malware named "Mail-O" and asserted that attackers used cloud storage services provided by Russian companies Yandex and Mail.ru Group. The malware mimicked legitimate cloud storage management apps Disk-O and Yandex Disk.

Guerrero-Saade wrote that he feels the security industry has quickly defaulted to a view that Western actors were behind the attacks.
