Russian hackers disguised cyber attacks using Iranian spying gang

James Cook
Russian hackers hid their efforts to attack organisations in the UK and other countries around the world by pretending to be a rival Iranian hacking group.

A Russian hacking group dubbed “Turla”, which has been linked to Russia’s FSB agency, hacked into Iranian servers to mask attacks against more than 35 different countries over the last 18 months, British and American security officials have said.

The hacking campaign was revealed on Monday by the UK’s National Cyber Security Centre (NCSC) along with the American National Security Agency.

The Russian hacking group’s targets were not disclosed by the security services, but the NCSC has said that the group has previously hacked into “government, military, technology, energy and commercial organisations.”

Most of the victims of the hacking campaign were in the Middle East, security officials said on Monday. Hacked organisations included universities and scientific organisations.

Disguising the origin of cyberattacks is a common tactic used by hacking groups to avoid political responses such as sanctions and to cause further confusion amongst their targets.

The NCSC said on Monday that the Russian hacking group went beyond mimicking Iranian hackers and actually broke into the rival hacking group’s infrastructure, taking over its servers to mask its hacking attempts.

Russian hackers even took over in-progress hacks from the Iranian group, taking advantage of their previous work gaining access to computer systems.

The NCSC said in an advisory note to British businesses that Russian hackers stole login information which had been obtained by the Iranians and used it to access servers which had already been hacked.

Paul Chichester, the NCSC’s director of operations, said: “Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.

“Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims.”