Kaspersky Exposes Russian Hackers Stealing Data via Satellite

Russian-speaking hackers with the cyberespionage group Turla have found a way to exploit weaknesses in global satellite networks to steal data while disguising the locations of their computers, the security firm Kaspersky Lab has revealed.

Researchers at the firm said the hacking group, which has infected hundreds of computers in nearly four dozen countries over its eight-plus years of operation, has found an "exquisite" way to steal information by infecting the computers of Internet users connecting via satellite.

The strategy allows Turla -- also sometimes called "Snake" or "Uroburos" -- to appropriate the IP identities of legitimate satellite Internet users, and use their connections to exfiltrate data, usually without the users' knowledge. Stolen data is directed to Turla's command-and-control servers, which are used to deploy malware on victims' machines.

Another factor that makes it hard for investigators to locate Turla's members is their choice of IP addresses: the group concentrates on addresses belonging to satellite Internet service providers in the Middle East and Africa. These providers rarely operate in Europe or North America, making it difficult for security researchers -- many of whom are based in the EU or U.S. -- to investigate attacks.

'Exquisite' Hacking Strategy

"When you are an APT (advanced persistent threat) group, you need to deal with many different problems," Kaspersky researcher Stefan Tanase said on the company's SecureList blog. "One of them, and today perhaps the biggest, is the constant seizure and takedown of domains and servers used for command-and-control (C&C)."

C&C servers are constantly at risk of being shut down, either by law enforcement officials or ISPs, Tanase noted. They can also sometimes be used to trace hackers back to their physical locations, he said.

"Some of the most advanced threat actors or users of commercial hacking tools have found a solution to the takedown problem...
