Monday 21 October 2019 1:30 pm

Russian cyber criminals hack Iranian hackers to disguise attacks

A Russian cyber crime group hacked into a rival Iranian outfit so that it could carry out attacks in disguise, an investigation by cyber spooks has revealed.

The so-called Turla group took control of tools and infrastructure belonging to an Iranian organisation known as Oilrig before launching cyber attacks on more than 35 countries.

The scheme meant that the attacks appeared to originate in Iran, according to evidence uncovered during a two-year probe by the National Cyber Security Centre (NCSC) – a division of GCHQ – and the US National Security Agency.


The investigation revealed that Turla broke into Oilrig’s system and pilfered its cyber attacking methods. Many of the initial victims had previously been targeted by the Iranian group, but the Russian hackers also carried out their own attacks.

“Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign,” said Paul Chichester, NCSC director of operations.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.”

Turla, which is also known as Waterbug or Venomous Bear, has carried out numerous attacks on government, military and commercial organisations, and is widely reported to be linked to Russia.

Cyber criminals are increasingly using so-called false flag tactics in a bid to mimic other groups and hide their true identity. However, the investigation showed Turla’s attack used more sophisticated methods than mere imitation, as it broke through the defences of a rival group.
