British and U.S. officials said on Monday that Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while pretending as attackers from the Islamic Republic.
British security officials further claimed that the Russian group “Turla” has used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months. It has been accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service.
They said that the hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain. A senior official at Britain’s GCHQ intelligence agency, Paul Chichester said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.
GCHQ’s National Cyber Security Centre jointly with the U.S. National Security Agency (NSA), said in a statement that it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.
Chichester, the director of NCSC said, “We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.” However, the officials in Iran and Russia did not immediately respond to requests for comment sent on Sunday. The Western allegations of hacking were repeatedly rejected by Moscow and Tehran.
Russia and Iran, both the countries have been marked by the Western officials as two of the most dangerous threats in cyberspace alongside China and North Korea. Both governments were accused of executing hacking operations against countries around the world.
As per the intelligence officials, there is no proof of conspiracy between Turla and its Iranian victim, a hacking group known as “APT34”. Meanwhile, GCHQ’s Chichester stated the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them.”
The British officials further claimed that Turla’s action shows the dangers of wrongly attributing cyber-attacks. They were unaware of any public incidents that had wrongly blamed on Iran as a result of the Russian operation, they added.
According to documents released by former U.S. intelligence contractor Edward Snowden and as reported by German magazine Der Spiegel, the United States and its Western allies have also used foreign cyber-attacks to facilitate their own saying operations.