Russia-Linked Group Likely Used Iranian Hacking Tools, NSA Says

October 23, 2019by Alyza Sebenius

WASHINGTON — A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K.

The group, known as Turla, used tools from suspected Iran-based hacking groups and deployed them against old and new targets. In order to acquire the tools, Turla “comprised the suspected Iran-based hacking groups themselves,” according to the U.S. National Security Agency and the U.K.’s National Cyber Security Centre, which released the advisories on Monday.

The original owners of the tools “were almost certainly not aware of, or complicit with, Turla’s use of their implants,” the agencies said.

The attacks, against more than 35 countries, would appear to the victims as coming from Iran. “We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Paul Chichester, director of operations for the U.K. cyber agency, in one of the advisories.

Turla, which is also known as Waterbug or Venomous Bear, collects information by targeting government, military, technology, energy and commercial operations for the purposes of intelligence collection, the agencies said.

“After acquiring the tools — and the data needed to use them operationally — Turla first tested them against victims they had already compromised,” according to one of the advisories. Following this, they “then deployed the Iranian tools directly to additional victims.”

The U.K. cyber agency had published advisories about Turla in 2017 and 2018.

In a June report, cited by the agencies, the cybersecurity company Symantec Corp. said that Turla had spent a year and a half attacking international and government organizations “in a series of campaigns that have featured a rapidly evolving toolset and, in one notable instance, the apparent hijacking of another espionage group’s infrastructure.”

Now that Turla is armed with Iranian tools, the best way to lessen the risk is to update vulnerable systems, one of the advisories said.

———

©2019 Bloomberg News

Visit Bloomberg News at www.bloomberg.com

Distributed by Tribune Content Agency, LLC.

Cybersecurity

Russian ‘Evil Corp’ is Behind a Decade of Hacks, US Says Cybersecurity
Russian ‘Evil Corp’ is Behind a Decade of Hacks, US Says

WASHINGTON — The U.S. unveiled criminal charges and sanctions against members of a hacking group that calls itself Evil Corp, which authorities blame for some of the worst computer hacking and bank fraud schemes of the past decade. The Justice Department, working mainly with the Treasury... Read More

Ohio Election Day Cyberattack Attempt Traced to Panama State News
Ohio Election Day Cyberattack Attempt Traced to Panama

COLUMBUS, Ohio — The Ohio Secretary of State’s office was the subject of a thwarted foreign cyberattack on Election Day. Ohio Secretary of State Frank LaRose said Tuesday that the so-called “SQL injection” attack was detected by the state’s internal systems. The attack was attempting to... Read More

Russia-Linked Group Likely Used Iranian Hacking Tools, NSA Says Cybersecurity
Russia-Linked Group Likely Used Iranian Hacking Tools, NSA Says

WASHINGTON — A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K. The group, known as Turla, used tools from... Read More

Bipartisan Commission to Study Proliferation of Terrorist Content Online Bipartisan
Bipartisan Commission to Study Proliferation of Terrorist Content Online
October 22, 2019
by Dan McCue

WASHINGTON - A bill introduced Tuesday by the chairman of the House Committee on Homeland Security would establish a bipartisan commission of non-government experts to examine the ways social media and other online platforms have been exploited to promote and carry out acts of terrorism. “Today,... Read More

Theranos 2.0? Another Purported Tech Company Trades on Fake IP Opinions
Theranos 2.0? Another Purported Tech Company Trades on Fake IP

Intellectual property policies could get a major court test this year as a real estate services company appeals a massive $706 million judgment that it stole trade secrets from a San Francisco-headquartered REtech company. At the dispute’s onset, the jury award, handed down in, Texas court... Read More

House Freshman Champions Bill to Bolster Cyber Security for Small Business Administration Cybersecurity
House Freshman Champions Bill to Bolster Cyber Security for Small Business Administration
August 2, 2019
by Sean Trambley

WASHINGTON - Earlier this month, freshman Rep. Jason Crow, D-Col., had the pleasure of seeing one of his first pieces of legislation passed unanimously in the House by a voice vote. Crow’s SBA Cyber Awareness Act requires the Small Business Administration to issue a report assessing... Read More

Straight From The Well
scroll top