The United States and the UK said Monday they had exposed how a group of Russian hackers hijacked the tools of their Iranian counterparts to attack dozens of countries around the world.
The so-called Turla group, also known as Waterbug or Venomous Bear, is widely reported to be associated with Russian state actors. The US National Security Agency and Britain’s National Cyber Security Center said Monday that Turla acquired control of the tools and infrastructure of Iranian hacking groups for their attacks in an attempt to mask their identity.
The attacks extracted documents from multiple sectors, including governments, and were mostly carried out in the Middle East. The UK NCSC advisory report on the attacks did not specify whether Israel was targeted.
Paul Chichester, the NCSC’s director of operations, said Monday: “Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims.”
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” he said.
Chichester said the attack was of a level of sophistication he had not previously encountered.
Russia has been accused of multiple hacking operations and fake news campaigns targeting Western nations amid attempts to destabilize democracies and further Moscow’s interests.
The US intelligence community has concluded that Russia interfered in the 2016 election in order to help boost US President Donald Trump’s chances of winning the presidency.