Russia-Linked Group Likely Used Iranian Hacking Tools, NSA Says

October 23, 2019 by Alyza Sebenius

WASHINGTON — A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K.

The group, known as Turla, used tools from suspected Iran-based hacking groups and deployed them against old and new targets. In order to acquire the tools, Turla “compromised the suspected Iran-based hacking groups themselves,” according to the U.S. National Security Agency and the U.K.’s National Cyber Security Centre, which released the advisories on Monday.

The original owners of the tools “were almost certainly not aware of, or complicit with, Turla’s use of their implants,” the agencies said.

The attacks, against more than 35 countries, would appear to the victims as coming from Iran. “We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Paul Chichester, director of operations for the U.K. cyber agency, in one of the advisories.

Turla, which is also known as Waterbug or Venomous Bear, collects information by targeting government, military, technology, energy and commercial operations for the purposes of intelligence collection, the agencies said.

“After acquiring the tools — and the data needed to use them operationally — Turla first tested them against victims they had already compromised,” according to one of the advisories. Following this, they “then deployed the Iranian tools directly to additional victims.”

The U.K. cyber agency had published advisories about Turla in 2017 and 2018.

In a June report, cited by the agencies, the cybersecurity company Symantec Corp. said that Turla had spent a year and a half attacking international and government organizations “in a series of campaigns that have featured a rapidly evolving toolset and, in one notable instance, the apparent hijacking of another espionage group’s infrastructure.”

Now that Turla is armed with Iranian tools, the best way to lessen the risk is to update vulnerable systems, one of the advisories said.

———

©2019 Bloomberg News

Visit Bloomberg News at www.bloomberg.com

Distributed by Tribune Content Agency, LLC.
