Russian Turla Hackers Exploit Pakistani Hackers to Target Afghanistan and India
A Russian hacking group, Turla, has been found exploiting the servers of a Pakistani group, Storm-0156, to target Afghan government networks and Indian military systems. Since December 2022, Turla has used Storm-0156’s infrastructure to deploy its custom malware, TwoDash and Statuezy, for spying and data theft. This tactic, known for hijacking other hackers’ tools, allowed Turla to mask its identity and expand operations efficiently, showcasing their expertise in deception and cyber-espionage while complicating attribution efforts.
A significant cyber-espionage campaign has been uncovered, revealing how a Russian hacking group called Turla secretly took control of the servers of a Pakistani hacking group named Storm-0156. Using these compromised servers, Turla targeted Afghan and Indian organizations while hiding their identity and making it appear as though Storm-0156 was responsible.
What Happened?
Since December 2022, Turla gained access to the servers used by Storm-0156 to manage their hacking operations. By mid-2023, Turla was fully exploiting these servers to distribute their own malware:
- TwoDash: A tool designed to download harmful files.
- Statuezy: A spying program that monitors and logs information copied to a computer's clipboard.
By leveraging the infrastructure of Storm-0156, Turla successfully attacked Afghan government systems and Indian military networks, stealing sensitive data without having to conduct the initial breaches themselves.
Why Is This Important?
This tactic is highly deceptive. Instead of starting the hacking process from scratch, Turla hijacked Storm-0156’s efforts, using their tools and servers to execute their operations. This makes it much harder for cybersecurity experts to pinpoint the true culprits, as it appears to be the work of the original group.
Who Is Turla?
Turla is a Russian hacking group that has been active for over 30 years. Believed to work closely with Russia’s government, their primary targets include government, military, and diplomatic organizations worldwide. Turla is infamous for using advanced hacking techniques and developing custom malware to carry out their attacks.
How They Operate
Turla often exploits the tools and infrastructure of other hacking groups to:
- Hide their tracks: Making it appear as though another group conducted the attack.
- Save resources: Utilizing work that has already been done by others.
- Expand access: Reaching systems that others have already compromised.
In this campaign, Turla used Storm-0156’s malware, such as Crimson RAT, and even developed new tools like MiniPocket to further their operations.
What’s the Impact?
Turla’s actions targeted crucial networks in Afghanistan and India, particularly focusing on government and military data. By piggybacking on Storm-0156’s infrastructure, Turla managed to gather valuable intelligence while remaining undetected.
Conclusion
This campaign highlights how hackers are becoming more strategic and cunning by hijacking the work of others. For organizations, this is a reminder to invest in robust cybersecurity measures and collaborate with experts to detect and prevent such sophisticated threats. Turla’s ability to operate under the guise of another group shows how challenging it can be to trace attacks back to their real source in the modern digital landscape.
![[2024] Top 100+ VAPT Interview Questions and Answers](https://www.webasha.com/blog/uploads/images/image_100x75_6512b1e4b64f7.jpg)
