Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

The Russian group used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months. (Reuters)
Updated 21 October 2019

  • The Russian group has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months
  • The hacking campaign was most active in the Middle East but also targeted organizations in Britain

LONDON: Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and US officials said on Monday.
The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months, British security officials said.
The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.
Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.
In a statement accompanying a joint advisory with the US National Security Agency (NSA), GCHQ’s National Cyber Security Center said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.
Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.
Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.
Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including say works for the Iranian government.
Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.
Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.
The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former US intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.
GCHQ declined to comment on Western operations.
By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.
The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.


Somalia struggles after worst flooding in recent history

  • At least 10 people went missing when their boat capsized after the Shabelle river burst its banks
  • More than 250,000 people across Somalia were displaced by the recent severe flooding
MOGADISHU, Somalia: Ahmed Sabrie woke up to find his house half-submerged in fast-rising flood waters.

Frightened and confused, he herded his sleepy family members onto the roof of their home in central Somalia as scores of thousands of people in the town, Beledweyne, scrambled for their lives. Clinging to an electric power pylon by the edge of their roof, the family watched as their possessions were washed away.

“I could hear people, perhaps my neighbors, screaming for help but I could only fight for the survival of my family,” the 38-year-old Sabrie, the father of four, recalled.

As one of his children, unfed, wailed, the family waited for more than 10 hours before a passing rescue boat spotted them.

Authorities have not yet said how many people died in the Somalia flooding last month, the country’s worst in recent history and the latest reminder that the Horn of Africa nation must prepare for the extremes expected to come with a changing climate.

At least 10 people went missing when their boat capsized after the Shabelle river burst its banks. Local officials have said at least 22 people in all are presumed dead and that toll could rise.

“This is a catastrophic situation,” Mayor Safiyo Sheikh Ali said. President Mohamed Abdullahi Mohamed, who visited the town and waded through submerged areas, called the devastation “beyond our capacity” and pleaded for more help from aid groups.

With no proper emergency response plan for natural disasters, local rescuers used rickety wooden dhows to reach trapped people while helicopters provided by the United Nations plucked people from rooftops. African Union and Somali forces have joined the rescue operations and the Somali government airlifted food.

“Many people are still trapped in their submerged houses and we have no capacity and enough equipment to cover all areas,” said Abdirashakur Ahmed, a local official helping to coordinate rescue operations. Hundreds are thought to still be stuck.

With more heavy rains and flash flooding expected, officials warned thousands of displaced people against returning too quickly to their homes.

More than 250,000 people across Somalia were displaced by the recent severe flooding, according to the Norwegian Refugee Council.

Beledweyne town was the worst affected. Several thousand people were sheltering under trees or in tents.

“Floods have destroyed more than three-quarters of Beledweyne and submerged many surrounding villages,” said Victor Moses, the NRC’s country director.

Aid groups said farms, infrastructure and roads in some areas were destroyed. The destruction of farmland near rivers is expected to contribute to a hunger crisis.

The possibility of further damage from heavy rains in the coming days remains a concern, according to the International Organization for Migration.

Parts of the Lower Juba, Gedo and Bay regions, where IOM has supported displaced populations for years, have been affected. Many displaced people were stranded without food, latrines or shelter.

“In Baidoa, people have moved to high ground where they are in immediate need of support,” said Nasir Arush, the minister for humanitarian and disaster management for South West State.

Survivors like Sabrie now must struggle to rebuild their lives.

“We’re alive, which I am thankful to Allah for, but this flood disaster wreaked havoc on both our livelihoods and households so I see a tough road ahead of us,” he said from a makeshift shelter built on higher ground outside town.