A two-year investigation revealed that the Turla cyber-espionage group masqueraded as Iran's Oilrig when it attacked governments and organizations in more than 35 countries. The cyberattack victims were mainly based in the Middle East.

A Russian hacker group associated with Russia's principal security agency has reportedly masqueraded as Iranian hackers during attack operations in dozens of countries over the last 18 months.

Turla Masquerades As Iranian Hackers

A joint investigation by authorities in the United States and the United Kingdom revealed that the Russian group Turla hijacked the tools used by Iranian hackers known as Oilrig, which is widely associated with the Iranian government, to attack government and industry organizations in more than 35 countries.

Security officials involved in the two-year investigation, led by the UK's National Cyber Security Center in collaboration with the United States National Security Agency, said that the Iranian group is likely unaware that its hacking methods have been hacked and deployed by another cyber-espionage team, which masqueraded as attackers from the Islamic Republic.

Victims of the cyberattacks were mainly based in the Middle East, but they also include military establishments, scientific organizations, government departments and universities around the globe.

Represents Changes In Modus Operandi Of State-Backed Hackers

Paul Chichester, a senior official at the GCHQ intelligence agency in the UK, said that the operation revealed that state-backed hackers are developing new attacks and methods to better cover their tracks.

He said that Turla's activity represents the changes in the modus operandi of cyber actors that add to the confusion over which state-backed cyber groups have been responsible for attacks.

He said that Turla started to piggyback on Oilrig's attacks by monitoring an Iranian attack closely enough that it could use the same backdoor route into a targeted organization or gain access to the resulting intelligence.

The group then moved to initiate its attacks using Oilrig's own command-and-control infrastructure and software.

"It allowed them to gain more rapid access to victims than they would otherwise have done," Mr. Chichester said. "This is an opportunistic operation which has given [Turla] a wealth of information and access they wouldn't otherwise have had."
