Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says

☑︎#VoteDemocrat

The Original
Bushed
WOAT
Supporter
Joined
Dec 9, 2012
Messages
332,723
Reputation
-34,426
Daps
637,538
Reppin
The Deep State
:mindblown:



Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
Turla group hijacked the tools of an Iran unit to lead attacks against 35 countries

A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed.

The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the Iranian government, according to a two-year probe by the UK’s National Cyber Security Centre in collaboration with the US’ National Security Agency. The NCSC is part of GCHQ, the digital intelligence agency.

The Iranian group is most likely unaware that its hacking methods have been hacked and deployed by another cyber espionage team, security officials involved in the investigation said. Victims include military establishments, government departments, scientific organisations and universities across the world, mainly in the Middle East.

Paul Chichester, NCSC director of operations, said Turla’s activity represented “a real change in the modus operandi of cyber actors” which he said “added to the sense of confusion” over which state-backed cyber groups had been responsible for successful attacks.

“The reason we are [publicising] this is because of the different tradecraft we are seeing Turla use,” he told reporters. “We want others to be able to understand this activity.”

Mr Chichester described how Turla began “piggybacking” on Oilrig’s attacks by monitoring an Iranian hack closely enough to use the same backdoor route into an organisation or to gain access to the resulting intelligence. Turla is also known as Waterbug or Venomous Bear.

But the Russian group then progressed to initiating their own attacks using Oilrig’s command-and-control infrastructure and software. Organisations in approximately 20 countries were successfully hacked in this way.

“[Turla] could benefit from the operations of Oilrig. They could collect some of their operational output . . . It allowed them to gain more rapid access to victims than they would otherwise have done,” Mr Chichester said. “It made life much easier. This is an opportunistic operation which has given [Turla] a wealth of information and access they wouldn’t otherwise have had.”

The Kremlin did not respond to a request for comment from the Financial Times. Russia’s government has consistently denied it is behind hacking attempts on other states. President Vladimir Putin, in an interview with the FT earlier this year, described allegations that Moscow had orchestrated attempts to influence the 2016 US elections as “mythical”.

Cyber espionage groups are increasingly concealing their identities under so called “false flag” operations — in which they try to mimic the activities of another group. Last year US intelligence agencies were reported to have uncovered the fact that Russian hackers had attempted to disrupt the Winter Olympics in Pyeongchang, South Korea, using lines of code associated with Lazarus Group, attributed to North Korea.

But NCSC says Turla’s operations go far further than imitation, and that Oilrig itself — also known by the names Crambus and APT34 — was hacked.

“We have never seen this done to the level of sophistication that we are seeing here,” Mr Chichester said. “It’s unique in the complexity and scale and sophistication. It’s actually really hard masquerading [as another entity].”

He said that Turla now had the potential to hijack other state-sponsored cyber groups. “This is becoming a very crowded space and we do see people innovate quite rapidly in that domain,” he said.






@88m3 @ADevilYouKhow @wire28 @dtownreppin214
@dza @wire28 @BigMoneyGrip @Dameon Farrow @re'up @Blackfyre @NY's #1 Draft Pick @Skyfall @2Quik4UHoes
 

☑︎#VoteDemocrat

Iranian hackers hit by Russian cyber-thieves

Russian hackers cloak attacks using Iranian group
By Gordon Corera Security correspondent
Iranian hackers became unwitting dupes for Russian attacks
An Iranian hacking group was itself hacked by a Russian group to spy on multiple countries, UK and US intelligence agencies have revealed.

The Iranian group - codenamed OilRig - had its operations compromised by a Russian-based group known as Turla.

The Russians piggybacked on the Iranian group to target other victims.

A National Cyber Security Centre (NCSC) investigation, begun in 2017 into an attack on a UK academic institution, uncovered the double-dealing.

Crowded space
The NCSC discovered that the attack on the institution had been carried out by the Russian Turla group, which it realised was scanning for capabilities and tools used by Iran-based OilRig.

In an investigation that lasted months, it became clear the Russian group had targeted the Iranian-based group and then used its tools and access to collect data and compromise further systems.

Attacks were discovered against more than 35 countries with the majority of the victims being in the Middle East. At least 20 were successfully compromised. The ambition was to steal secrets, and documents were taken from a number of targets, including governments.

Intelligence agencies said Turla was both getting hold of information the Iranians were stealing but also running their own operations using Iranian access and then hoping it would hide their tracks.

Microsoft has said Iranian hackers were behind a series of attacks carried out in 2017
Victims might have assumed they had been compromised by the Iranian-based group when in fact the real culprit was based in Russia.

There is no evidence that Iran was complicit or aware of the Russians' use of their access or that the activity was done to foment trouble between countries but is a sign of the increasingly complex world of cyber-operations.

"This is getting to be a very crowded space," explained Paul Chichester, director of operations for the NCSC, the protective arm of the intelligence agency GCHQ.

He added he had not previously seen such a sophisticated attack carried out. Separately it has been reported in leaks that the US and UK also have similar capabilities.

Mr Chichester said he would not describe the Russian hack attacks as a "false flag" since it was not an attempt to deliberately frame someone else.

The NCSC would also not directly attribute the attacks to the Russian and Iranian states but Turla has previously been linked by others to Russia's Security Service, the FSB, and OilRig to the Iranian state.

'We can identify them'
The investigation was primarily a UK one but the details are being revealed jointly by the NCSC and America's NSA. A report of Turla compromising another espionage group was made by the private security company Symantec in June.

Mr Chichester said the purpose of revealing the details was to help others detect this activity and defend themselves.

"We want to send a clear message that even when cyber-actors seek to mask their identity, our capabilities are a match for them and we can identify them," he said.

How the two groups will react to the exposure is not something officials said they could predict.
 

☑︎#VoteDemocrat

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

LONDON (Reuters) - Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and U.S. officials said on Monday.


The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months, British security officials said.

The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.

Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

GLOBAL HACKING CAMPAIGNS
Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.

Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including FireEye say works for the Iranian government.

Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.

Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.

The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former U.S. intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.

GCHQ declined to comment on Western operations.

By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.

Additional reporting by Vladimir Soldatkin in Moscow and Babak Dehghanpisheh in Geneva; Editing by Frances Kerry
 

 

Dr. Acula

Hail Hydra
Supporter
Joined
Jul 26, 2012
Messages
26,723
Reputation
9,197
Daps
143,066
tenor.gif


Is how I imagine Nap every time he posts.

they need to be sanctioned into oblivion


Will Iran's defenders on this forum stick up for Iran or Russia

:sas2:
More likely most people don't care about this shyt because it has nothing to do with their day to day lives or put food on their table.

"Spygames happened" is the gist of this article aka shyt happening all the time around the world.
 

88m3

Fast Money & Foreign Objects
Joined
May 21, 2012
Messages
92,297
Reputation
3,851
Daps
164,762
Reppin
Brooklyn
More likely most people don't care about this shyt because it has nothing to do with their day to day lives or put food on their table.

"Spygames happened" is the gist of this article aka shyt happening all the time around the world.

woe is me, woe is the world
 