Russian hackers hid their efforts to attack organisations in the UK and other countries around the world by pretending to be a rival Iranian hacking group.
A Russian hacking group dubbed “Turla”, which has been linked to Russia’s FSB agency, hacked into Iranian servers to mask attacks against more than 35 different countries over the last 18 months, British and American security officials have said.
The hacking campaign was revealed on Monday by the UK’s National Cyber Security Centre (NCSC) along with the American National Security Agency.
The Russian hacking group’s targets were not disclosed by the security services, but the NCSC has said that the group has previously hacked into “government, military, technology, energy and commercial organisations.”
Most of the victims of the hacking campaign were in the Middle East, security officials said on Monday. Hacked organisations included universities and scientific organisations.
Disguising the origin of cyberattacks is a common tactic used by hacking groups to avoid political responses such as sanctions and to cause further confusion amongst their targets.
The NCSC said on Monday that the Russian hacking group went beyond mimicking Iranian hackers and actually broke into the rival hacking group’s infrastructure, taking over its servers to mask its hacking attempts.