A joint British and US investigation has revealed that a Russian electronic spy unit has infiltrated Iranian infiltrators to lead attacks in more than 35 countries.
Turla, a Russian intelligence-linked group, allegedly hijacked Oilrig’s tools, a group linked to the Iranian government, according to a two-year investigation by the UK’s National Cybersecurity Center (NCSC) in cooperation with the United States.
Security officials involved in the investigation said the Iranian group was probably not aware that its hacking methods had been infiltrated and deployed by another cyber-espionage team.
Victims include military institutions; government departments; scientific organizations; and universities around the world, particularly in the Middle East.
NCSC Operations Director Paul Chichester described how Torla began using the Olerg attacks – also known as Waterbug or Venomous Bear – by closely monitoring the Iranian penetration group enough to use the group’s own path.
The Russian group then began its attacks using the group’s infrastructure and command and control software, and organizations in nearly 20 countries successfully penetrated this way.
The Russian government has consistently denied that it is behind piracy attempts against other countries, and President Vladimir Putin earlier this year described allegations that Moscow had organized attempts to influence the 2016 US elections as legendary.
Cyber espionage groups increasingly hide their identities under so-called “pseudo-science” operations, in which they attempt to mimic the activities of another group.
It was reported last year that US intelligence agencies had uncovered the fact that Russian hackers had tried to disrupt the Winter Olympics in Pyeongchang, South Korea, using code linked to North Korea’s Lazarus group.
The UK’s National Cybersecurity Center (NCSC) explained that Turla’s operations go beyond mere imitation, that the Oilrig group itself has been infiltrated, and that Torla now has the ability to kidnap other state-sponsored piracy groups.
Western officials classify Russia and Iran as the most serious threats in cyberspace, along with China and North Korea, where both governments have been accused of infiltrating countries around the world.
Source : NCSC