Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

The Russian group used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months. (Reuters)
Updated 21 October 2019

  • The Russian group has used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months
  • The hacking campaign was most active in the Middle East but also targeted organizations in Britain

LONDON: Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and US officials said on Monday.
The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months, British security officials said.
The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.
Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.
In a statement accompanying a joint advisory with the US National Security Agency (NSA), GCHQ’s National Cyber Security Center said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.
Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.
Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.
Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including say works for the Iranian government.
Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.
Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.
The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former US intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.
GCHQ declined to comment on Western operations.
By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.
The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.


Protesters hit Hong Kong commute as western powers urge restraint


  • Small bands of masked protesters blocked roads, threw objects onto train tracks and held up subway trains
  • Hong Kong has endured 24 straight weeks of increasingly violent rallies aimed at securing greater democratic freedoms from China
HONG KONG: Hong Kong protesters struck the city’s transport network for a second day running on Tuesday as western powers voiced concern over spiraling violence after police shot a young demonstrator and another man was set on fire.
Small bands of masked protesters blocked roads, threw objects onto train tracks and held up subway trains, sparking cat and mouse clashes with riot police and renewed chaos on the morning commute.
Universities were also a flashpoint, with police firing tear gas at protesters who had blocked roads leading to the Chinese University of Hong Kong.
Masked activists outside Hong Kong University blocked a main road by dropping objects from a footbridge. Overnight, students there had clashed with police after officers made an arrest outside one of the university’s residences.
And at Polytechnic University clashes broke out as police tried to arrest a female student.
Owan Li, the student representative on the university’s governing body, said he was beaten by police as he tried to mediate.
“The officers were rather arrogant and unbridled,” Li said, sending pictures of bruises to his hand and leg.
“They said I was being aggressive and obstructing their work, then the six to seven of them dragged me out and gave me a round of beating and kicking.”
Hong Kong has endured 24 straight weeks of increasingly violent rallies aimed at securing greater democratic freedoms from China, which has ruled the city under a “one country, two systems” framework since its handover from the British in 1997.
The protesters are desperate to stop what they see as Beijing’s tightening control over Hong Kong, and reneging on its handover commitment to allow greater liberties for the city than those on the mainland.
On Monday the financial hub was convulsed by some of the worst violence yet as crowds reacted to the shooting of a 21-year-old protester by rampaging through train stations, barricading streets and vandalizing shops throughout the day and night.
Footage of the shooting — broadcast live on Facebook by a bystander — showed a police officer drawing a pistol as he tried to detain a masked person at a junction that had been blocked by protesters.
Another unarmed masked protester then approached the officer and was shot, quickly falling to the ground.
The video quickly went viral and inflamed already sky-high anger toward the police.
Protests raged for hours in multiple neighborhoods, including a lunchtime rally mostly made up of office workers in the city’s main commercial district, which was broken up by tear gas.
Horrifying footage also emerged of a man being doused with a flammable liquid and set ablaze by a masked assailant following an argument with pro-democracy protesters.
Both the man set alight and the shot protester remained in critical condition on Tuesday, hospital authorities said.
The violence prompted western powers to urge Beijing and Hong Kong leader Carrie Lam to find a compromise with protesters who are seeking greater democratic freedoms and police accountability.
“We condemn violence on all sides, extend our sympathies to victims of violence regardless of their political inclinations, and call for all parties — police and protesters — to exercise restraint,” State Department spokeswoman Morgan Ortagus said in a statement.
Britain said the latest violence was “deeply disturbing.”
“Political dialogue is the only way forward and we want to see the Hong Kong authorities agree a path to resolve this situation,” Downing Street said in a statement.
But there is little sign Beijing or Lam are willing to offer any political concessions.
As clashes raged on Monday, Lam said protesters were indulging in “wishful thinking” if they thought violence would achieve political change.
On Tuesday morning she gave another press conference criticizing protesters and praising people who tried to make it into work.
Lam has been either unable or unwilling to end the five-month political crisis as Beijing insists she takes a hard line.
In a leaked audio recording from September, Lam told business leaders her room for maneuver was “very, very, very limited” and that she “has to serve two masters” — a reference to Beijing.