Microsoft and Lumen's Black Lotus Labs find Russia-linked Turla hackers hijacked Pakistan-based hackers' servers to launch their own attacks since December 2022
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure …
BleepingComputer Bill Toulas
Related Coverage
- Snowblind: The Invisible Hand Of Secret Blizzard Lumen Blog
- Russian state hackers hijacked rival servers to spy on targets in India, Afghanistan The Record · Daryna Antoniuk
- Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage Microsoft Security Blog
- Russian-linked Turla caught using Pakistani APT infrastructure for espionage CyberScoop · Greg Otto
- Russian FSB-linked hackers rely on other cybercriminals' infrastructure, report finds Cybernews.com · Ernestas Naprys
- Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors Security Affairs · Pierluigi Paganini
- Russian FSB Hackers Breach Pakistani APT Storm-0156 Dark Reading · Nate Nelson
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities The Hacker News
- Spy V Spy: Russian APT Turla Caught Stealing From Pakistani APT SecurityWeek · Ryan Naraine
Discussion
- Lukasz Olejnik (@lukaszolejnik) on bluesky: Russian cyber threat actor Turla hacked 33 infrastructure nodes of Pakistani-based cyber threat actor, “Storm-0156” to attack other targets, to deploy their own cyber tools (malware) for cyber-espionage purposes vs Afghan government and India. It delays attribution. blog.lumen.c…
- John Hultquist (@hultquist) on bluesky: Second time we've seen Turla sit on top of someone else's operation. blog.lumen.com/snowblind-th...
- Joe Slowik (@pylos.co) on bluesky: This is really neat: — blog.lumen.com/snowblind-th...
- Louise Marie Hurel (@loumariehsd) on x: FSB's Center 16 tracked as Secret Blizzard/Turla has used the tools and infrastructure of at least 6 other threat actors during the past 7 years for the exclusive purpose of facilitating espionage operations. https://www.microsoft.com/...
- Greg Lesnewich (@greglesnewich) on x: holy smokes the MSFT and Lumen reporting on Turla have some bombshells - co-opting SideCopy infrastructure - borrowed Tomiris from another actor to load their tooling - SideCopy was in the parking lot of targets to pop em? https://blog.lumen.com/... https://www.microsoft.com/..…
- @msftsecintel on x: Based on our findings and those reported by governments and other security vendors, Microsoft Threat Intelligence assesses the Russian nation-state actor we track as Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.