Published in News

Russia denies pretending to be Iranian hackers

by on28 October 2019


Making it look like the Iranians are doing their dirty work

Russia has rejected media reports suggesting that Russian state hackers hijacked Iranian security services' hacking tools and infrastructure to attack governments and organisations across the world.

Advisories jointly released by UK and US intelligence claimed that the Russian group called 'Turla', also known as Venomous Bear, Snake and Group 88, had used the tools and infrastructure of Iranian threat group APT34 to attack government organisations in at least 20 countries over the past 18 months.

After gaining access to APT34's tools, Turla used Iranian hackers' command and control systems to deploy its own malicious code.

Turla used implants derived from the suspected Iran-based hacking groups' previous campaigns, 'Neuron' and 'Nautilus'.

While intelligence officials have no evidence of any collusion between Turla and APT34, they said that Turla hijacked APT34's infrastructure to "masquerade as an adversary which victims would expect to target them".

"Turla used implants derived from the suspected Iran-based hacking groups' previous campaigns, 'Neuron' and 'Nautilus'. In order to acquire these tools and access the infrastructure, Turla also compromised the suspected Iran-based hacking groups", claimed the UK National Cyber Security Centre (NCSC).

A spokesman for the Russian embassy in London stated on the organisation’s website that these publications are “an unsavoury interpretation of a concise report of the British National Cyber Security Centre and the American National Security Agency”.

The Russian embassy spokesman described the media reports as an attempt to "drive a wedge" between Russia and Iran.

The spokesperson added that no security agency had accused Russia or Russian citizens of carrying out cyber-attacks against their country. We think that was sort of the point.

 

Last modified on 28 October 2019
Rate this item
(0 votes)