Russian Spy Gang Hijacks Satellite Links to Steal Data

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/2015/09/turla-russian-espionage-gang-hijacks-satellite-connections-to-steal-data/

By Kim Zetter
Security
Wired.com
09.09.15

IF YOU’RE A state-sponsored hacker siphoning data from targeted computers, 
the last thing you want is for someone to locate your command-and-control 
server and shut it down, halting your ability to communicate with infected 
machines and steal data.

So the Russian-speaking spy gang known as Turla have found a solution to 
this—hijacking the satellite IP addresses of legitimate users to use them 
to steal data from other infected machines in a way that hides their 
command server. Researchers at Kaspersky Lab have found evidence that the 
Turla gang has been using the covert technique since at least 2007.

Turla is a sophisticated cyber-espionage group, believed to be sponsored 
by the Russian government, that has for more than a decade targeted 
government agencies, embassies, and militaries in more than 40 countries, 
including Kazakhstan, China, Vietnam, and the US, but with a particular 
emphasis on countries in the former Eastern Bloc. The Turla gang uses a 
number of techniques to infect systems and steal data, but for some of its 
most high-profile targets, the group appears to use a satellite-based 
communication technique to help hide the location of their command 
servers, according to Kaspersky researchers.

Ordinarily, hackers will lease a server or hack one to use as a command 
station, sometimes routing their activity through multiple proxy machines 
to hide the location of the command server. But these command-and-control 
servers can still often be traced to their hosting provider and taken down 
and seized for forensic evidence.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/