Pages

17 December 2024

Russian state hackers hijacked rival servers to spy on targets in India, Afghanistan

Daryna Antoniuk

Russian state-sponsored hackers exploited the servers of Pakistani threat actors to target organizations in South Asia, according to a new report.

In a campaign that began two years ago, the Moscow-backed hacker group Secret Blizzard, also known as Turla, infiltrated infrastructure used by the Pakistan-based cyber-espionage group Storm-0156 to spy on victims of political interest to the Kremlin.

The targeted organizations included government and intelligence agencies in Afghanistan, as well as military and defense-related institutions in India, researchers from Microsoft and Lumen Technologies' threat intelligence arm, Black Lotus Labs, revealed in a report published on Wednesday.

It remains unclear how Secret Blizzard initially gained access to Storm-0156’s infrastructure or whether the Pakistani hackers were aware of the intrusion and allowed the attacks to be launched from their servers.

For Secret Blizzard, this strategy is not new. Since 2017, researchers have identified at least four instances where the group embedded itself in another threat actor’s operations. The group previously infiltrated the infrastructure of the Iranian state hacker group OilRig and a Kazakhstan-based threat actor.


No comments:

Post a Comment