Perspective: A Brief History of Russian Hackers' Evolving False Flags

Published 23 October 2019

Deception has always been part of the hacker playbook, Andy Greenberg writes in Wired. “But it’s one thing for intruders to hide their tracks, and another to adopt an invented identity, or even frame another country for a cyberattack. Russia’s hackers have done all of the above, and now have gone one step further. In a series of espionage cases, they hijacked another country’s hacking infrastructure and used it to spy on victims and deliver malware.”

On Monday, the NSA and Britain’s GCHQ published warnings that a Russian hacker group known as Turla or Waterbug has for years carried out a convoluted new form of espionage: It took over the servers of an Iranian hacker group, known as OilRig, and used them to advance Russia’s aims.

Greenberg writes:

While Symantec and other cybersecurity firms had spotted Turla’s piggybacking earlier this year, the US and UK intelligence agencies have now outlined the operation’s sheer scale. The Russian team spied on victims in 35 countries, all of whom might have believed on first inspection that the intruders were instead Iranian. “We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” according to the statement from Paul Chichester, the NCSC’s director of operations.

But while Turla was ultimately unmasked, the operation adds a new dimension of uncertainty for digital investigators. More broadly, it shows the fast-evolving nature of how hackers hide behind false flags.