Russian hackers masquerading as an actual Iranian cyber-espionage operation attacked government and industry organizations in dozens of countries, British and U.S. officials accused on Monday, according to BBC News.
The Russian group, known as “Turla”, is said to have used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months, according to British security officials. The group has previously been accused by some European countries of working for Russia’s state security agency, FSB.
Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.
Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including FireEye say works for the Iranian government.
Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.
In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.
Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.