The timeline of incidents, and the behavior of Turla in actively scanning for Iranian backdoors, indicates that while Neuron
and Nautilus tools were Iranian in origin, Turla were using these tools and accesses independently to further their own
intelligence requirements. The behavior of Turla in scanning for backdoor shells indicates that although they had a
significant amount of insight into the Iranian tools, they did not have full knowledge of where they were deployed.
While attribution of attacks and proving authorship of tools can be very difficult – particularly in the space of incident
response on a victim network – the weight of evidence demonstrates that Turla had access to Iranian tools and the ability
to identify and exploit them to further Turla’s own aims.
NSA-NCSC Joint Advisory
Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign. We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.
Paul Chichester NCSC
Our main intent right here is to point out that there’s a lot of false flagging going on out there and we want to make sure our national security systems that we’re trying to defend are aware.
Doug Cress NSA
24.10.2019
Response by the Embassy spokesperson to a media question regarding publications in the British press regarding the alleged malicious activities of “Russian hacker groups”
Question: How would you comment on a British media report that “Russian hackers” are responsible for attempts to hack the resources of government, military and research organizations in 35 countries for intelligence purposes?
Answer: These publications are an unscrupulous interpretation of a brief report by the British National Cybersecurity Center and the US National Security Agency. The special services themselves do not bring any charges against Russia and Russian citizens. We are only talking about “suspicions” that the hacker group “Turla” “is based on the territory” of our country. It is noteworthy that the authors of the report, filling out the document with numerous technical details regarding the methods of carrying out cyberattacks, do not report which organizations suffered from such malicious actions and in which countries this happened. It is only asserted that the Iranian infrastructure was allegedly used to carry out the attacks, and this fact is again unscrupulously used by the media for trying to drive a wedge between Russia and Iran.
In this regard, we would like to remind once again that the Russian side has repeatedly proposed to British colleagues to organize a bilateral expert dialogue with the aim of removing concerns in the cyber sphere, if they really exist. So far, we have not received an answer.
24 October 2019, 17:50
Among the aims of the press statements was precisely to avoid this kind of reaction. In the absence of evidence, the Russians can not only evade their responsibilities but also manage to build a counter-narrative that discredits the accuser.
None of the experts who have studied Turla (a recent Symantec study highlighted the objectives and territories targeted) has been able to verify the weight of evidence revealed by the investigation. At present, however, there seems to be no reason to doubt the scale of the operation.
The fact that the Russian hackers (known to be in the GRU-FSB orbit) made only partial use of the Iranian infrastructure, and that the Iranians reportedly did not notice what was happening, suggests that there was no political premeditation. Usually these operations are built to create confusion and allow the Russian apparatus to carry out disinformation campaigns.
The high level of technical sophistication achieved could in future be accompanied by coordination sufficient to act in a targeted and deliberate manner against allies and adversaries. The confusion generated among government political contacts, as well as among the population, would further complicate the scenarios in which Russia is a protagonist.