Russian hackers hijack Iranian hackers to launch Cyber Attack campaigns


A Russian hacking group dubbed Turla is reported to have hacked into the database of Iranian hackers to launch a cyber-attack campaign targeting over 35 countries, mostly in the Middle East.

The other shocking fact, discovered and revealed by the UK's National Cyber Security Center (NCSC) in association with US intelligence, is that the Russian group, which is a cyber-espionage unit, has been carrying out attacks on the digital infrastructure of other countries for two years without the knowledge of the Iranian hackers.

Now, going deeper into the details, the Iranian hacking group in question is OilRig, aka APT43, which is funded by the Iranian government and was compromised by Russia's Turla hacking group.

The UK's NCSC, in collaboration with the US National Security Agency, is said to have started a probe into OilRig when it attacked a US military agency in 2017. It was revealed that the Iranian hackers were targeting military establishments, government organizations, space agencies, scientific departments, air travel control stations and universities across the world.

However, the APT43 actors are unaware that their digital infrastructure is already under the control of a Russian hacking group, which is a culmination of cyber actors and their modus operandi.

Turla, which is also known as Venomous Bear or Waterbug, has been mimicking the attack variants of the Iranian hackers. This draws suspicion onto APT43, a spin-off of APT34 (a malware-spreading Iranian hacking group), and makes the world believe that the activity is being conducted by Iranian hackers.

Paul Chichester, the director of operations at NCSC, a cyber unit of GCHQ, said that Turla has disguised itself as APT43 by taking control of C&C infrastructure and has launched espionage-related campaigns on public and private entities operating in over 20 countries.

On top of that, they have collected enough evidence from the database of APT43 to rapidly gain access to the systems of victims, all due to their opportunistic modus operandi.

As of now, neither the Kremlin nor President Vladimir Putin has taken note of the speculation or reacted.

But a source close to Putin said that these media speculations are all part of a malevolent campaign launched by the West to tarnish the image of Russia and its governance in the international arena.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
