Russian cyber espionage group hijacking satellite internet links to hide activities
11 Sep 2015
Security researchers had discovered that a Russian cyber espionage group had been hijacking satellite-based internet links to hide its activities, which included stealing information from diplomats and government agencies around the world.
Kaspersky Lab said a sophisticated group of hackers from Russia called 'Turla' has been quietly using satellite-based internet links to conduct its business, because doing so made it much easier to avoid detection.
According to experts, hackers came in several types: some were in it for the money, like notorious spam king Sanford Wallace; others for political activism, like Anonymous; and then there were the state-sponsored hackers who attacked other countries for government agencies like the NSA.
Turla, a Russian-speaking group, had been operating for almost a decade. The group ran advanced persistent threat (APT) attacks that covertly targeted specific organisations, nations and businesses, using command-and-control systems to monitor and slowly extract data from the target.
This was often accomplished by infecting computers with malware that could perform a myriad of functions, including exploiting undisclosed zero-day security flaws to find a backdoor into a network, cracking administrator passwords, or spear phishing, where emails masquerading as a reputable bank or online service tricked users into revealing their account passwords and credit card details.
Kaspersky's latest report deals with the hackers known as the Turla group, Snake or Uroburos, who are well known in cybersecurity circles. The group had used satellites to hide its location and keep its servers from being taken down by governments or internet providers.
Kaspersky's first findings on Turla followed a March 2014 report by the German cybersecurity firm G Data that linked the group to the 2008 attack on the US Department of Defense and suggested it might have been working for the Russian government.
In an immediate reaction, Kaspersky Lab said it had become "aware of the Turla cyber espionage campaign in March 2013" and had discovered the link between the software the hackers used and the worm used to penetrate the Pentagon.
It failed to mention a possible Russian government connection. Further, the summaries of subsequent Kaspersky findings about the hackers did not mention one either, though the selection of targets for the cyberattacks, including Ukrainian, Georgian and Western government offices, provided telltale clues about the identity of the hackers' client.