Russian hackers hijacked tools and disguised as Iranian spies to attack more than three dozen nations, including Britain and the United States, both governments announced Monday.
The U.S. National Security Agency and London’s National Cyber Security Center said the hackers originated with the Russian-based Turla group, also known as Snake and Uroburos. Officials said they used stolen Iranian tools and infrastructure for the attacks to remain hidden.
The Turla group effectively hijacked the Iranian-based OilRig hacking group, the agencies said, to spy on 35 governments — many of which are in the Middle East.
The attacks targeted military, technology, energy and commercial operations, authorities said.
“Victims, the majority of whom were based in the Middle East, saw documents extracted from various sectors, including governments,” the agencies said in a joint statement.
Officials said they determined the hackers were Russian through Internet protocol addresses. The Turla group may have taken over a system previously compromised by Iranian hackers, they noted.
“Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign,” said Brtain’s NCSC director of operations Paul Chichester. “We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.”
The agencies said the investigation began two years ago when London officials started looking into a cyberattack against a British academic institution.