A report by the UK’s National Cybersecurity Center (NCSC) and the United States National Security Agency (NSA) reported that the Turla hacker, allegedly associated with “Russian entities,” hacked Iranian hackers' software for cyber espionage and attacks on government and industry organizations in dozens of countries . The contents of the document are published on the NCSC website.
“We want to make it clear that even if those who operate in cyberspace are trying to hide their identities, our (technical. - RT ) capabilities will ultimately allow them to be calculated,” says NCSC, Director of Operations, British National Cybersecurity Center, Paul Chichester.
According to him, Russian hackers broke into the infrastructure of the Iranian group in order to “impersonate those from whom potential victims expect hostile actions against them.”
The report also notes that the agency did not find evidence of collusion between Turla and the hacker group APT34, allegedly working for the Iranian government. It is reported that the Turla hacker group allegedly was able to gain access to the Iranian infrastructure and used the APT34 management and control system to deploy its own malicious code.
It is alleged that according to the British intelligence services, a hacker campaign, the scale of which has not been previously disclosed, was most actively carried out in the Middle East, while having its purpose and organization in the UK. No evidence of cyber attacks is provided.
- UK National Cybersecurity Center
- © Ray Tang
However, the Iranian government said they did not have information about the hackers of the Turla group. This was announced by an official representative of the Iranian government Ali Rabiya during a press conference, answering the corresponding question of the journalist.
According to political analyst Alexander Asafov, the attachment of the Turla hacker group to “Russian entities” is deliberately carried out by London and Washington, in order to “maintain an anti-Russian propaganda focus.”
“This report shows that the UK and the US are scrupulously looking for a Russian trace at least in some way, to once again blame Moscow. Moreover, there is evidence that, despite the Russian-speaking composition of the hacker group Turla, its traces lead to citizens of Estonia and the Czech Republic. The nature and direction of the cyber attacks they carry out does not overlap with the matrix of political interests of Russia or the more notorious “interference” of Moscow in the internal affairs of other countries, which the Russian side is often accused of without evidence, ”the analyst said in an interview with RT.
Asafov also pointed out that a hacker group could be associated with "industrial espionage."
“Even Western companies do not see any Russian link in Turla’s actions. But it’s not important for the propaganda of Britain and the USA, ”the expert said.
Asafov added that by publishing such a report, London seeks to “support the image of bad Russia that he has already created” and wants to distract ordinary citizens from problems within the UK.
- Demonstrators holding signs against Brexit, London, October 19, 2019.
- © Niklas Halle'n
“We have witnessed another round of national shame called Brexit, and the British authorities are trying to shift the focus of attention of British citizens to aspects of the international agenda,” the analyst said.
A similar opinion is shared by the corresponding member of the Academy of Military Sciences Sergey Sudakov. According to him, London "it would now be profitable to arrange a provocation."
This is not the first time Washington and London have blamed Russia for cyber attacks on US and UK infrastructure.
So, in September, the head of the US Department of Defense, Mark Esper, said during the second annual national conference on cybersecurity that "Russia, Iran, China and the DPRK see cyber warfare as a way of counteracting the United States." At the same time, the head of the Pentagon said that the Russian Federation and China are "strategic competitors" of the American side. A similar thesis was featured in the report of the US Department of Homeland Security, where Russia, China and Iran are called “adversaries,” who use cyber opportunities to undermine infrastructure, democratic values and steal US secretariats.
Recall that in the spring, the Atlantic Council * at the United States Congress once again accused Moscow of a hacker attack on the Democratic Party’s servers and the spread of the NotPetya virus, without providing any evidence of Russia's involvement in the incident.
Similar allegations were made at the British Foreign Office. According to Lord Ahmad Wimbledonsky, the Minister for Commonwealth and UN Affairs in the British Foreign Ministry, “the Russian authorities, in particular the Russian military,” are responsible for the cyber attack of the NotPetya virus in June 2017.
As noted by Alexander Asafov, reports of cybercrime for British and American politicians is a "universal tool."
“You can publish any fabricated set of numbers and say that this is evidence of interference, and London and Washington do just that. For example, Democrats in the USA still have not shown a server supposedly hacked by Russian legendary hackers. And there is a big question whether it really exists. However, this does not prevent Washington from claiming that Russia “interfered” in the 2016 US elections, ”the expert explained.
- US Defense Secretary Mark Esper
- © Erin Scott
Asafov also pointed out that such statements and reports are "exclusively political in the framework of the information war against the Russian Federation."
“NSA data are unproven and politically biased. And the UK National Cybersecurity Center is the generator of such allegations, but it does not have a wide technical infrastructure. And in this case, the NSA uses the link to cooperation as a reputation maneuver, wishing to give the report more significance, ”the analyst said.
“Harden policy against Tehran”
At the same time, Iran, like Russia, is not the first time to be a central figure in Washington’s stories of "hacker attacks."
So, in early October, the American corporation Microsoft said that allegedly Iranian hackers launched an attack against the political establishment of the United States and a number of other individuals with the aim of "interference" in the 2020 presidential election.
“Today we are reporting on the recent significant cyber-activity that we have been observing from a hacker group called Phosphorus, which, in our opinion, was created in Iran and is associated with the Iranian government ... Over the 30 days of observation between August and September of this year, the Microsoft Threat Intelligence Center found that Phosphorus has made more than 2,700 attempts to identify email accounts belonging to certain Microsoft clients, and then attacked 241 of these accounts, ”the company said in a statement.
It is also clarified that the attack involved persons associated with the American election race, current and former government officials, international journalists and “prominent figures from Iran” who live outside Iran.
- © Simon Dawson
Sergey Sudakov does not exclude that the next incident related to hacker attacks will also be blamed on Iranian and Russian hackers, allegedly connected with the authorities of the Russian Federation and Iran.
“The publication of such reports is part of a political campaign to create in the minds of ordinary citizens the conviction that Russia and Iran really have powerful groups of specialists who can“ intervene ”in elections or commit other illegal actions not in US interests,” the expert said.
According to Sudakov, a new report by London and Washington is designed to demonstrate that the United States and Great Britain regularly come up with accusatory statements against Moscow and Tehran.
“In this way, they show ordinary citizens that their words allegedly have a rationale,” the expert explained.
At the same time, Sudakov did not rule out the possibility that, against the background of these reports, London and Washington "may further harden their policy towards Tehran."
* “Atlantic Council” - an organization whose activity is recognized as undesirable in the territory of the Russian Federation by decision of the General Prosecutor's Office of July 25, 2019.