Russia-Linked Hackers Hijack Infrastructure of Iranian Threat Group
A new Symantec report sheds light on the recent activity of Turla (aka Waterbug, KRYPTON, Venomous Bear), a Russia-linked cyber-espionage group. Since early 2018, the group has launched at least three distinct campaigns, each of which relied on different tools. The attacks have targeted 13 organizations, including government agencies, across 10 countries.
One particularly interesting finding is that Turla appears to have taken over the infrastructure of OilRig (aka APT34, Crambus), another advanced persistent threat group, but one linked to the Iranian regime. According to the researchers, “this is the first time Symantec has observed one targeted attack group seemingly hijack and use the infrastructure of another group. However, it is still difficult to ascertain the motive behind the attack.”