A group of cyber-criminals based in Iran has suffered an attack executed by Russian hackers aiming to spy on countries including the UK and the US, intelligence specialists say.
The Russian group, named Turla, took advantage of Iran’s OilRig group to target others, the UK’s National Cyber Security Centre (NCSC) claims. According to the NCSC, an attack on a UK education centre was conducted by Turla, with the hackers employing tools and tactics belonging to OilRig.
A long investigation found that the Russians were piggybacking on the Iranian group to harvest data and compromise more IT infrastructure, with similar attacks being uncovered in over 35 countries. Most of the victims were based in the Middle East and at least 20 targets were successfully compromised, with Turla’s goal being to steal secrets and documentation from multiple organisations, including governments.
Intelligence bodies say Turla was also hoovering up data stolen by the Iranians, while running their own schemes using Iranian access paths so that victims would blame the Iranian group, not Turla.
No evidence exists to suggest that OilRig has been complicit in the Russian group’s activity, and the situation is being viewed as an indicator of how complex hacking patterns are becoming in the modern cyber world.
Paul Chichester, director of operations for the NCSC, which is an arm of the British intelligence agency GCHQ, said “this is getting to be a very crowded space,” before underlining that he had never seen an attack of such sophistication.
The UK drove the initial investigation into the hacks, but details are also being released by the NCSC and the National Security Agency (NSA) in the US.
Mr Chichester said that this information was being published to help other regimes understand and detect similar activity, and to aid defence programmes.
“We want to send a clear message that even when cyber-actors seek to mask their identity, our capabilities are a match for them and we can identify them,” he said.
The post #Privacy: Iranian hacking group used by Russian cyber-criminals appeared first on PrivSec Report.