Russian hackers pretended to be Iranian spies so they could craftily organize attacks on various countries all over the world. Both the US and the UK revealed the recently discovered attack just recently through a joint statement. Hackers, also known as the Turla Group otherwise known as Uroburos or Snake, concealed their identity in plain sight by getting Iranian infrastructure and tools to launch attacks.
According to the U.K.'s Cyber Security Centre (NCSC) and U.S. National Security Agency, there are, so far, 35 countries that have been attacked. Victims range from government departments to scientific organizations to military establishments to universities. According to the report, the Turla Group utilized implants, Nautilus, and Neuron, taken from the previous campaign of Iranian hackers.
NCSC's Director Of Operations Paul Chichester shared that it is tough to identify the persons behind the recent attacks, but considering the mounting evidence, it suggests that the Turla Group could be behind the campaign. The director also sent a warning to attackers that despite having been able to conceal their identities, the intelligence agencies can still be able to identify them. In some situations, it seemed that the implant had been released by an IP address linked with an Iranian APT group, and eventually accessed from infrastructure linked with the Turla Group.
A highly significant move by NSA & GCHQ >>> “By gaining access to the Iranian infrastructure, Turla [likely FSB] was able to use APT34's ‘command and control’ systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory” https://t.co/JKqSCqbKGQ — Thomas Rid (@RidT) October 21, 2019
NCSC noted that the Russian hackers were able to take control of the victims earlier compromised by a totally different actor. The Russian hackers called Turla Group targets technology, military, commercial, and energy organizations. Meanwhile, the Russians have this doctrine маскировка, also known to encourage deception or masking.
This is the core of all that they are doing and enables them to interfere in other countries and be able to deny their connections later on. The same happened with the Sergei Skripal attack in Salisbury in 2018. Additionally, experts noted that Iran is a closed country with very little access to western training and academia, but it seems that they were able to pull out some of the most sophisticated cyber-attacks to date.
Earlier this month, another attack was discovered, and analysts were able to pinpoint these attacks to North Korean hackers. The team is believed to be supported by the North Korean government. Additionally, their spoils are believed to be in aid in the communist country's activities particularly in purchasing weapons of mass destruction.
