Skip to content

Russian hackers piggybacked on Iranian groups to attack others

London: In a bizarre case of cyber attacks, Russian hackers first targeted Iran-based groups and acquired their tools and infrastructure to conduct attacks on dozens of countries, security officials in the UK and US revealed on Monday.

Advisories published by the UK’s National Cyber Security Centre (NCSC) and US National Security Agency (NSA) have shown that the group targeted victims and adopted techniques used by suspected Iran-based hacking groups.

The attacks against more than 35 countries would appear to the victims to be Iranian in origin, but the investigation revealed that this was not the case.

Victims saw documents extracted from various sectors, including governments.

Majority of the victims were based in the Middle East, the investigation found.

The Russian group, known as “Turla”, used implants derived from the suspected Iran-based hacking groups’ previous campaigns, “Neuron’ and “Nautilus”.

In order to acquire these tools and access the infrastructure, Turla also compromised the Iran-based hacking groups themselves.

“Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign,” Paul Chichester, NCSC’s Director of Operations, said in a statement.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.

“Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims,” Chichester said.

Turla regularly collects information by targeting government, military, technology, energy and commercial organisations, NCSC said.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: