Russian hackers piggybacked on an Iranian cyber-spying operation to attack government and industry organizations in multiple countries while disguising themselves as attackers from the Islamic republic, British and US officials reported on Monday.
British security officials said that the Russian group, known as “Turla,” which has been accused by Estonian and Czech authorities of acting on behalf of Russia’s FSB security service, has employed Iranian tools and computer infrastructure to successfully hack several companies in at least 20 different nations in the last 18 months.
British officials also said that the hacking operation, which has not previously been revealed to this extent, was active mostly in the Middle East and that it also attacked organizations in Britain.
Britain’s GCHQ Intelligence Agency Remarks
Paul Chichester, a top official at Britain’s GCHQ intelligence agency, said that the operation proves state-sponsored hackers are operating in a “very crowded space” and that they are coming up with new attacks and techniques to better cover their tracks.
GCHQ’s National Cyber Security Centre (NCSC) said, in a statement following a joint advisory with the National Security Agency (NSA) in the United States, that it wanted to increase industry awareness of the activity and make attacks more difficult for its adversaries.
Chichester, who is the NCSC’s director of operations, said, “We want to convey a message that even when cyber characters seek to conceal their identity, our capacities will eventually identify them.”
Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Tehran and Moscow have both repeatedly denied Western accusations of hacking.
Western officials have categorized Iran and Russia as two of the most dangerous threats in cyberspace, alongside North Korea and China, and both governments have been accused of carrying out hacking activities against countries all over the world.
Intelligence officials stated that there was no proof of collusion between Turla and the Iranian government. Some cybersecurity researchers at firms such as FireEye accused Tulsa of working for the Iranian government.
Instead, GCHQ’s Paul Chichester said, the Russian hackers infiltrated the Iranian group’s infrastructure to “disguise as a foe which victims would expect to attack them.”
The United States and its Western allies have been known to use foreign cyberattacks to aid their own spying, a practice called “fourth party collection,” according to documents published by Edward Snowden, a former US intelligence contractor, and reported by Der Spiegel, a German magazine.
British officials said Turla’s activities show the perils of wrongly blaming cyberattacks on others, but they also stated that they do not know of any public incidents that had been blamed on Iran as a result of the Russian operation.
GCHQ refused to make any comment on Western operations. GCHQ and the NSA said in a public advisory that, after accessing the Iranian infrastructure, the Turla group was able to employ APT34’s “command and control” systems to deploy its malicious code.
The Russian group also accessed the networks of existing APT34 victims and obtained the code required to develop its own “Iranian” hacking tools.