Targets include some of the most important human rights organizations and aid groups operating in the country, such as the Syrian Observatory of Human Rights, which reports on military incidents and is frequently cited in western media outlets, the Financial Times has learnt. The operation shares many of the hallmarks of Moscow's sustained hacking campaign against the Ukrainian government in 2013 and 2014.
Richard Turner, head of Middle East and Europe at FireEye, the cyber security group, said that his organization had tracked Moscow's cyber campaign against Syrian organizations since December, adding that it had been growing in size since the start of the year.
"APT 28 and other Russian groups are now really focusing their attention on the collection of data on Syrian groups, particularly those focused on human rights and the monitoring of Russian military activity," Turner said. "It's a very significant operation." APT 28 is one of Russia's most sophisticated cadres of state-backed hackers, and has been researched in the past by FireEye and other commercial cyber security groups.
"Clearly this is to enable them to respond politically… to target [the groups] for information warfare and to have an impact on the conflict itself," he added.
The Syrian cyber-attacks are mounted using fake replicas of legitimate organizations' websites, which infect visitors' computers when they are accessed. They also involve cleverly disguised emails with malicious attachments designed to look like trusted personal correspondence, press releases or official notices.
Governmental and private sector groups have also been heavily targeted in Turkey, reflecting Ankara's role as a protagonist in the battle for Syria. "There's a major Russian cyber response right now because of a worsening relationship [with Ankara]," the regional intelligence official said, citing Turkey's shooting down of a Russian jet in November as a turning point.
It is unclear just how many organizations have been compromised, but the malware used by the Russian agents could be used to erase data, propagate disinformation from official accounts or gather intelligence on highly sensitive targets gleaned from NGOs' contact books.