A new report from Moscow-based cybersecurity firm Kaspersky Lab outlines how a sophisticated group of Russian hackers exploits commercial satellites to help obfuscate its efforts to steal sensitive data from diplomatic and military targets in Europe and the United States. The group is referred to by some as Turla, after the malicious software it makes use of, and it has targeted government organizations, embassies, and companies in Russia, China, and dozens of other countries. Research groups and pharmaceutical firms have also been targets. Turla's technique involves first infecting a target computer with malware via a watering hole attack on a website it knows the target frequently visits. Once Turla has control of the target computer, it instructs the computer to send stolen data to the IP address of an unsuspecting satellite Internet user being spoofed by Turla. Because the data is broadcast over the entire range of the satellite's beam, which can be thousands of miles, the location of the command and control servers receiving the data is effectively hidden. According to Kaspersky's Stefan Tanase, Turla tends to use satellite Internet connections in the Middle East and Africa, likely in an effort to avoid the scrutiny of security researchers and law enforcement. While Kaspersky does not link Turla to the Russian government, other researchers have.
Washington Post (09/10/15) Nakashima, Ellen