Russian cyber spies likely hijacked Iranian APT group's infrastructure to deliver backdoor

In early 2018, the Russian APT group Turla likely hijacked the command-and-control infrastructure of Iranian cyberespionage group OilRig in order to deliver a custom backdoor to its intended victim, according to researchers. The unusual attack took place during one of three Turla campaigns over the last 18 months that experts from Symantec chronicled in a blog post late last week.

Collectively, the three campaigns targeted 13 organisations in the government, education and IT/communications sectors, across five global regions. Also known as Waterbug (as well as Snake and Venomous Bear), Turla was aided in its operations by a combination of newly discovered custom malware, modified open-source hacking tools, and legitimate administration tools.

Victims included Ministries of Foreign Affairs in Latin America, the Middle East, Europe and South Asia; unnamed government organisations in the Middle East and Southeast Asia; IT/comm tech organisations in the Middle East, two European countries and a South Asian country; a multinational organisation in the Middle East; and an educational institution in Southern Asia.
