Russian hackers disguised as Iranian spies attacked 35 countries
Russian cyber actors disguised themselves as Iranian spies so they could stealthily orchestrate attacks on countries across the world, the U.S. and U.K. said today (21 October) in a joint statement.
The so-called Turla group, which is also known as Snake or Uroburos, hid in plain sight by acquiring Iranian tools and infrastructure to perform their attacks, the U.K.’s Cyber Security Centre (NCSC) and U.S. National Security Agency said.
In total, 35 countries were attacked, including the U.K. and U.S., with a “large cluster” of victims based in the Middle East. Victims included military establishments, government departments, scientific organisations and universities.
Turla used implants derived from Iranian hackers’ previous campaigns, ‘Neuron’ and ‘Nautilus’, which they obtained by compromising the Iran-based hackers themselves.
Notorious threat actors like Potao Express, BlackEnergy and Turla account for as many as 79 unique malware families that have been used to infiltrate European government and military computers and target “high-value” entities across Ukraine, Russia, Georgia, and Belarus for information harvesting.
The findings come from a map put together by Check Point Research and genetic malware analysis firm Intezer, making it the first-ever comprehensive analysis of state-backed Russian-attributed threat groups that have been found to engage in disruptive cyber warfare.
“The size of the resource investment and the way the Russians are organizing themselves in silos makes them able to carry out a multi-tiered cyberespionage offensive,” Check Point researcher Itay Cohen told TNW.
It’s worth noting that all of Russia’s cutting-edge cyberespionage operations, including the 2016 US elections hack and the devastating Petya ransomware attacks on Ukraine in 2017, have been attributed to three intelligence services — the FSB (Federal Security Service), the SVR (Foreign Intelligence Service), and the GRU (Main Intelligence Directorate for Russia’s military) — none of which directly collaborate with one another.