According to the Financial Times, a joint UK and US investigation revealed that Russia-linked
In 2018, the US intelligence agencies reported that Russian state-sponsored hackers used false flag attacks to hit the Winter Olympics in Pyeongchang, South Korea. At the time the hackers introduced lines of code in their malware associated with North-Korea linked Lazarus Group.
The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.
The list of previously known victims is long and includes also the Swiss defense firm RUAG, US Department of State, and the US Central Command.
Experts involved in the investigation believe that the
Multiple attacks targeting of Middle Eastern financial, energy and government, lead FireEye to assess that those sectors are a primary concern of APT34.
The two-year investigation was conducted by the UK’s National Cyber Security Centre in collaboration with the US’ National Security Agency.
The experts believe that the Iranian
Paul Chichester, director of operations at NCSC explained that this is a major change in the Turla TTPs aimed at making it hard the attribution of the attacks.
“We have never seen this done to the level of sophistication that we are seeing here,” Mr Chichester said. “It’s unique in the complexity and scale and sophistication. It’s actually really hard masquerading [as another entity].” “This is becoming a very crowded space and we do see people innovate quite rapidly in that domain,”
The Russian Government did not respond to a request for comment from the Financial Times, it always denied its involvement in cyber attacks on other states.
In June, Symantec researchers revealed that Russia-Linked
Experts at Symantec observed in the last eighteen months at least three distinct campaigns, each using a different set of hacking tools. In one campaign the attackers used a previously unseen backdoor tracker as Neptun (Backdoor.Whisperer), the malicious code is deployed on Microsoft Exchange servers and passively listen for commands from the attackers.
Experts noticed that in one attack, Turla hackers used the infrastructure belonging to another espionage group tracked as Crambus (aka
The three recent Turla campaigns targeted governments and international organizations worldwide.
| [adrotate banner=”9″] ||[adrotate banner=”12″]|