Russian hackers piggybacked on Iranian groups to attack others

London: In a bizarre case of cyberattacks, Russian hackers first targeted Iran-based groups and acquired their tools and infrastructure to conduct attacks on dozens of countries, security officials in the UK and US revealed on Monday.

Advisories published by the UK's National Cyber Security Centre (NCSC) and US National Security Agency (NSA) have shown that the group targeted victims and adopted techniques used by suspected Iran-based hacking groups.

The attacks against more than 35 countries would appear to the victims to be Iranian in origin, but the investigation revealed that this was not the case.

Victims saw documents extracted from various sectors, including governments.

Majority of the victims were based in the Middle East, the investigation found.

The Russian group, known as "Turla", used implants derived from the suspected Iran-based hacking groups' previous campaigns, "Neuron' and "Nautilus".

In order to acquire these tools and access the infrastructure, Turla also compromised the Iran-based hacking groups themselves.

"Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign," Paul Chichester, NCSC's Director of Operations, said in a statement.

"We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.

"Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims," Chichester said.

Turla regularly collects information by targeting government, military, technology, energy and commercial organisations, NCSC said.