SoylentNews is people

posted by martyb on Tuesday October 22 2019, @06:42AM
from the tunnels-in-tunnels dept.

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months, British security officials said.

[...] Paul Chichester, a senior official at Britain’s GCHQ [(Government Communications Headquarters)] intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

[...] By gaining access to the Iranian infrastructure, Turla was able to use APT34’s[*] “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.

[*] APT34: Wikipedia Entry.


  • (Score: 2) by https (5248) on Tuesday October 22 2019, @07:17PM (#910504)

    It's not a wild assumption. Operational security is hard, as both AIVD and FSB [volkskrant.nl] can attest (in this case, from opposite sides).

    Not everything is expendable. As the article points out, sometimes you actually have to defend against an attack. This can reveal your hand in itself. Reporting on things afterwards doesn't tell anyone that matters anything they don't already know.

    --
    Offended and laughing about it.