Russia and Iran: Beards (in the Medieval Sense) Are Back

November 6, 2019

Here is a terrific example of how Russian cyber attackers skillfully sow confusion. The Financial Times reveals, “Russian Cyber attack Unit ‘Masqueraded’ as Iranian Hackers, UK Says.” A joint investigation by the UK’s National Cyber Security Centre and the US’s National Security Agency reveals the espionage group first hacked an Iranian hacking group, then attacked over 35 other countries posing as that group. The Russian group, known as Turla, has been linked to Russian intelligence. Reporters Helen Warrell and Henry Foy write:

“The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organizations and universities across the world, mainly in the Middle East. Paul Chichester, NCSC director of operations, said Turla’s activity represented ‘a real change in the modus operandi of cyber actors’ which he said ‘added to the sense of confusion’ over which state-backed cyber groups had been responsible for successful attacks. ‘The reason we are [publicizing] this is because of the different tradecraft we are seeing Turla use,’ he told reporters. ‘We want others to be able to understand this activity.’ Mr Chichester described how Turla began ‘piggybacking’ on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organization or to gain access to the resulting intelligence. … But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software.”

We’re told the group successfully hacked about 20 countries using this tactic, which let them tap into Oilrig’s operational output to reach victims faster and more easily. Not surprisingly, the Kremlin refused to comment; Russia consistently denies it hacks other states, describing such allegations as “mythical.”

Cynthia Murrell, November 6, 2019
