Advertisement

Russian group ‘hijacked Iranian spy operation’

The Australian is accused of heading the world's biggest illegal online marketplace.

The Australian is accused of heading the world's biggest illegal online marketplace. Photo: Shutterstock

Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organisations in dozens of countries while masquerading as attackers from the Islamic Republic, British and US officials say.

The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organisations in at least 20 different countries over the last 18 months, British security officials said.

The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organisations in Britain, they said.

Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the US National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea.

Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including FireEye say works for the Iranian government.

Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them”, said GCHQ’s Chichester.

-AAP

Advertisement
Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Copyright © 2024 The New Daily.
All rights reserved.