The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
Briefly

Turla, a Russian state hacker group, employs innovative methods for cyberespionage. They have reportedly used their control over Russian internet service providers to directly implant spyware on target computers. This technique involves manipulating internet traffic to deceive victims in foreign embassies into installing malicious software. The spyware disables encryption, exposing communications and sensitive information, such as usernames and passwords, to surveillance by ISPs and state intelligence. This approach blurs the line between traditional mass surveillance and active cyber intrusion, creating a new tool for targeting individuals within Russia's borders.
The Russian state hacker group known as Turla has carried out some of the most innovative hacking feats in the history of cyberespionage, hiding their malware's communications in satellite connections or hijacking other hackers' operations to cloak their own data extraction.
The group, also known as Snake, Venomous Bear, or, in Microsoft's own naming, Secret Blizzard, appears to have used its state-sanctioned access to Russian ISPs to meddle with internet traffic and trick victims working in foreign embassies operating in Moscow into installing the group's malicious software on their PCs.
The spyware deployed by Turla disabled encryption on those targets' machines so that data they transmitted across the internet remained unencrypted, leaving their communications and credentials like usernames and passwords entirely vulnerable to surveillance.
Sherrod DeGrippo points out that this technique represents a rare blend of targeted hacking for espionage and governments' older, more passive approach to mass surveillance.
Read at WIRED