Moscow spy hacked Iran’s hackers and launched cyber attacks on 35 countries
The Turla group, linked to a Russian cyber espionage unit has hacked allegedly OilRig Iranian hackers to lead attacks in over 35 countries according to a joint probe by UK’s National Cyber Security Centre in collaboration with the US National Security Agency.
The Iranian group unaware that its hacking modus-operandi has been hacked and deployed by another cyber espionage team, according to security officials. Victims of Cyber spying include military establishments, government departments scientific groups and universities across the world, mainly in the Middle East.
Paul Chichester, NCSC Director of operations said Turla’s activity represented “ a real change in modus operandi of cyber actors added to the sense of confusion” as the state backed cyber groups had been responsible for successful attacks.
“The reason we are publicising this is because of the different tradecraft we are seeing Turla use. We want others to be able to understand this.”
Mr Chichester explained how Turla began piggybacking on OilRig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organisation or to gain access to the resulting intelligence.
Turla then progressed to initiating its own attacks using OilRig’s command-and-control infrastructure and software. Turla could collect some of their operational output which allowed then to gain more rapid access to victims”.
Russia, however, has denied it is behind hacking attempts on other states.