Russian Hackers Masquerading as Iranian Hackers
October 21, 2019 at 12:24 pm EDT By Taegan Goddard 43 Comments
https://politicalwire.com/2019/10/21/russian-hackers-masquerading-as-iranian-hackers/
"SNIP.....
Financial Times: A Russian cyber espionage unit has hacked Iranian hackers to lead attacks in more than 35 countries, a joint UK and US investigation has revealed. The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the Iranian government.
.....SNIP"
dewsgirl
(14,961 posts)
Wellstone ruled
(34,661 posts)
posted something to that effect about two years ago. That was during Trump's pulling us out of our joint agreement on nukes.
Beakybird
(3,333 posts)
Now I know who to blame for my hacking cough!
BumRushDaShow
(129,612 posts)
This thing about "Iranian hackers" was entirely unbelievable.
Blue_true
(31,261 posts)
systems. That has been documented.
But it makes sense for Russian hackers to steal the Iranians' hacking tools; that way the Russian hackers can carry out attacks and, if they get caught, the attacks are initially (and permanently, if the people who catch them are not sophisticated) blamed on Iran.
BumRushDaShow
(129,612 posts)
but considering how well we had hacked into their systems, it seems that whatever was going on was not initiated by them, particularly given what was being targeted on our end and why.
Blue_true
(31,261 posts)
initiate the hacks that were detected. But the article pointed out that the Russians stole the Iranians' hack signature, one would guess because, if caught, the Russians wanted to have a decoy in place.
BumRushDaShow
(129,612 posts)
It sounds like these hack groups apparently use certain tactics and software that form a unique "signature" for their work. For example, the use of certain toolkits/rootkits by Russia's "Fancy Bear" and "Cozy Bear" hackers was discovered back in 2016 -
Sam Thielman and Spencer Ackerman
Fri 29 Jul 2016 06.00 EDT
Last modified on Fri 14 Jul 2017 14.58 EDT
/snip
A key characteristic of Bear attacks and high-quality attacks from many seasoned intruders appears to be its adroit disguise of malicious files. In another operation, a group Kaspersky believes to be Cozy Bear sent highly relevant and well-crafted content such as PDFs about Ukraine possibly joining Nato to people who would open them and find them interesting without becoming suspicious. Sophisticated users who would spot a YovTube.com address or an amateurish website inviting them to type in a login might eagerly open an official-seeming white paper.
Fancy Bear has its own signatures: its identifiable suite of tools has, since 2007 or perhaps even 2004, been updated with the frequency of a software company, according to security firm FireEye. FireEye gave all the tools names (Sourface, Chopstick and Eviltoss, among others) and described them as demonstrating "formal coding practices indicative of methodical, diligent programmers".
Rather than send its malware broadly, a pattern used by hackers who hope a fraction of their recipients will click on a dubious link, Fancy Bear sends it to specific users, in a pattern Gidwani said indicates reconnaissance on its targets. Microsoft reported that Fancy Bear finds unsuspecting users both by sifting through social media and other online data for associations with its target (say, a LinkedIn page that lists the DNC as an employer) and also by meticulously cataloging the data it has stolen in previous hacks.
"They customize their attack to thrive in that environment," said Gidwani. "Somebody who could do that has resources, has time and a test environment to try all the stuff out to make sure they've got the right package they're going to deploy. Those are hallmarks of nation-state operations. Criminals are going to hit a million people in the hope that they get a hundred."
https://www.theguardian.com/technology/2016/jul/29/cozy-bear-fancy-bear-russia-hack-dnc
If you know some other group's tactics and have their software, you can mimic how they operate as disguise and deflection.
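The thread's point, that attribution keyed only on a group's tools can be hijacked by whoever steals those tools, can be shown with a small weighted indicator-overlap scorer. This is an added illustration, not code from the thread, the Financial Times piece or the Guardian article; the actor profiles, the "observed" intrusion and every indicator string in it are constructed placeholders (no real malware names, domains or victims), and the category weights are an assumption chosen for the demonstration. With tooling as the only evidence the intrusion scores as OilRig; once infrastructure, tradecraft and victimology are weighed in, it scores as Turla, and the disagreement between the tooling vote and every other category is exactly the false-flag warning an analyst would want raised.

```python
"""Weighted indicator-overlap attribution (constructed example).

Actor profiles and the observed intrusion below are made-up sample data,
not real threat intelligence. Category weights are an assumption.
"""
from typing import Dict, Optional, Set, Tuple

Evidence = Dict[str, Set[str]]  # category -> indicators

# Constructed profiles: indicators historically tied to each actor.
PROFILES: Dict[str, Evidence] = {
    "OilRig": {
        "tooling":        {"implant-a", "webshell-b", "loader-c"},
        "infrastructure": {"c2-1.example", "c2-2.example"},
        "tradecraft":     {"spearphish-energy-lure", "compile-utc+3:30"},
        "victimology":    {"middle-east-gov", "gulf-energy"},
    },
    "Turla": {
        "tooling":        {"implant-d", "rootkit-e"},
        "infrastructure": {"c2-9.example", "satlink-relay"},
        "tradecraft":     {"compile-utc+3", "watering-hole"},
        "victimology":    {"europe-mfa", "former-ussr-gov"},
    },
}

# Assumed weights: a naive scheme that only looks at malware/tools, and a
# fuller one where infrastructure and tradecraft count for more than tooling,
# because tools can be stolen while infrastructure and habits are harder to fake.
TOOLS_ONLY = {"tooling": 1.0}
ALL_EVIDENCE = {"tooling": 1.0, "infrastructure": 1.5,
                "tradecraft": 1.5, "victimology": 1.0}

# Constructed intrusion: OilRig's tools, but Turla's C2, habits and targets.
OBSERVED: Evidence = {
    "tooling":        {"implant-a", "webshell-b"},
    "infrastructure": {"c2-9.example"},
    "tradecraft":     {"compile-utc+3", "watering-hole"},
    "victimology":    {"europe-mfa"},
}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Overlap of two indicator sets; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def score(observed: Evidence, profiles: Dict[str, Evidence],
          weights: Dict[str, float]) -> Dict[str, float]:
    """Weighted sum of per-category overlap for every actor."""
    return {
        actor: round(sum(w * jaccard(observed.get(cat, set()), prof.get(cat, set()))
                         for cat, w in weights.items()), 3)
        for actor, prof in profiles.items()
    }


def attribute(observed: Evidence, profiles: Dict[str, Evidence],
              weights: Dict[str, float]) -> Tuple[str, float]:
    """Best-scoring actor and its margin over the runner-up."""
    ranked = sorted(score(observed, profiles, weights).items(),
                    key=lambda kv: kv[1], reverse=True)
    runner_up = ranked[1][1] if len(ranked) > 1 else 0.0
    return ranked[0][0], round(ranked[0][1] - runner_up, 3)


def category_votes(observed: Evidence,
                   profiles: Dict[str, Evidence]) -> Dict[str, Optional[str]]:
    """Which actor each evidence category points to on its own (None if no overlap)."""
    votes: Dict[str, Optional[str]] = {}
    for cat, obs in observed.items():
        best, best_j = None, 0.0
        for actor, prof in profiles.items():
            j = jaccard(obs, prof.get(cat, set()))
            if j > best_j:
                best, best_j = actor, j
        votes[cat] = best
    return votes


def false_flag_warning(observed: Evidence, profiles: Dict[str, Evidence]) -> bool:
    """True when tooling points at one actor but every other category points elsewhere:
    the pattern you get when an actor operates with another group's stolen tools."""
    votes = category_votes(observed, profiles)
    tool_vote = votes.get("tooling")
    others = {v for cat, v in votes.items() if cat != "tooling" and v is not None}
    return tool_vote is not None and bool(others) and tool_vote not in others


if __name__ == "__main__":
    print("tools only   :", attribute(OBSERVED, PROFILES, TOOLS_ONLY))
    print("all evidence :", attribute(OBSERVED, PROFILES, ALL_EVIDENCE))
    print("votes        :", category_votes(OBSERVED, PROFILES))
    print("false flag?  :", false_flag_warning(OBSERVED, PROFILES))
```

The scoring itself is deliberately simple; the part worth keeping is `false_flag_warning`: whenever the tooling vote disagrees with infrastructure, tradecraft and victimology, the right response is to treat the tooling as possibly hijacked rather than to let it settle attribution.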