This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
British and U.S. intelligence agencies say Russian hackers hijacked Iran-based cyberspy groups to attack dozens of countries and organizations while pretending to be Iranian.
The details of the operation were revealed in an October 21 statement accompanying a joint advisory by Britain’s National Cyber Security Center (NCSC) and the U.S. National Security Agency (NSA).
The Russian hacking group known as Turla “acquired Iranian tools and infrastructure” to conduct attacks against government departments, scientific organizations, and universities in more than 35 countries, the statement said.
The majority of the targeted entities was based in the Middle East, but the hacking campaign also hit organizations in Britain.
The cyberattacks would appear to the victims to be Iranian in origin, but the NCSC revealed that the real culprits were based in Russia.
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Paul Chichester, the NCSC’s director of operations.
Russian and Iranian officials did not immediately comment on the allegations. Both countries have repeatedly denied conducting hacking operations against countries around the world.
The NCSC did not directly attribute the attacks to the Russian state, but the Turla group, also known as Waterbug or VENOMOUS BEAR, has previously been accused by others of operating on behalf of Russia’s federal security service (FSB).