Skip to main content

Russian hackers piggy-backed on an Iranian cyber-espionage



Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and US officials said on Monday. The Russian group, known as "Turla" and accused by Estonian and Czech authorities of operating on behalf of Russia's FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organisations in at least 20 different countries over the last 18 months, British security officials said.

The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organisations in Britain, they said.

Paul Chichester, a senior official at Britain's GCHQ intelligence agency, said the operation shows state-backed hackers are working in a "very crowded space" and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the US National Security Agency (NSA), GCHQ's National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.


"We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them," said Chichester, who serves as the NCSC's director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

Global hacking campaigns

Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.

Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as "APT34" which cyber-security researchers at firms including FireEye FEYE.O say works for the Iranian government.

Rather, the Russian hackers infiltrated the Iranian group's infrastructure in order to "masquerade as an adversary which victims would expect to target them," said GCHQ's Chichester.

Turla's actions show the dangers of wrongly attributing cyber-attacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.

The United States and its Western allies have also used foreign cyber-attacks to facilitate their own spying operations, a practice referred to as "fourth party collection," according to documents released by former US intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.

GCHQ declined to comment on Western operations.


By gaining access to the Iranian infrastructure, Turla was able to use APT34's "command and control" systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own "Iranian" hacking tools.

© Thomson Reuters 2019

Comments

Popular posts from this blog

പാവം പൂച്ച

പൂച്ചകള്‍ക്ക് ചില അമാനുഷിക ശക്തികളുണ്ടെന്ന് കേട്ടിട്ടുണ്ട്. അതിനെപ്പറ്റി കൂടുതല്‍ ഒന്നും അറിയില്ല. പൂച്ച മൂലം ഉണ്ടായ കുറെ പ്രശ്നങ്ങളാണ് എന്‍റെ പ്രശ്നം. എന്‍റെ ആയ കാലത്ത് ഞാന്‍ നല്ലൊരു ക്രിസ്ത്യാനിയായിരുന്നു. സഭ എന്ത് പറഞ്ഞാലും ഞാന്‍ കണ്ണും പൂട്ടി അതനുശരിച്ചു പോന്നു. ഒപ്പം ജോലി ചെയ്തിരുന്ന ഒരു നായരെയും ഞാന്‍ മതം മാറ്റത്തിന്‍റെ അരികില്‍ വരെ കൊണ്ടുവന്നതുമാണ്. പോട്ടയിലും കൊട്ടാരക്കരയിലുമൊക്കെ നടക്കുന്ന അത്ഭുതങ്ങള്‍ അറിഞ്ഞദ്ദേഹവും ഞെട്ടിയിരിക്കുകയായിരുന്നു. എല്ലാം തകിടം മറിച്ചത്, ഒരു പൂച്ച. ഈ പൂച്ച വല്യ കള്‍ച്ചര്‍ ഉള്ള ഒരെണ്ണം ആയിരുന്നില്ല, വെറും കാടന്‍. ജനിച്ചത്‌ കാട്ടില്‍, വളര്‍ന്നതും അവിടെ; സന്ദര്‍ഭവശാല്‍ ഒരാശ്രമത്തിലെ സന്യാസിയുടെ ഓമനയായി മാറി, അത്രേയുള്ളൂ. സന്യാസി മരിച്ചപ്പോള്‍ പൂച്ച വനത്തിലേക്ക് മടങ്ങുകയും ചെയ്തു. ഈ പൂച്ചക്ക് ആ ആശ്രമത്തില്‍ സര്‍വ്വത്ര സ്വാതന്ത്ര്യം ഉണ്ടായിരുന്നു. സന്യാസി പൂജ ചെയ്യുന്ന സമയങ്ങളില്‍ ഈ പൂച്ച അവിടെല്ലാം ഓടി നടക്കുകയും അതുമിതുമൊക്കെ തട്ടി മറിക്കുകയും ചെയ്യുമായിരുന്നു. അത്രയ്ക്ക് വിവരമില്ലാത്ത ഒരു പൂച്ചയായിരുന്നത്. പക്ഷേ, സന്യാസിക്കു പൂച്ചയെ വല്യ ഇഷ്ടമായിര

Freenom ICANN registrar accreditation suspended for cybersquatting

OpenTLD, its registrar business, has been told it cannot accept new registrations or inbound transfers from July 8 to October 6 or until it provides ICANN with a full list of the names it squatted. I believe it’s the first time ICANN has suspended a registrar for this reason. ICANN has found that OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest   To avoid termination, it has to provide ICANN with a list of all of its trademark infringing names, agree to transfer them to the mark owners or delete them, and bunch of other stuff. Source Letter

News mask innovation adapted for eating