[ISN] Russian Spy Gang Hijacks Satellite Links to Steal Data

http://www.wired.com/2015/09/turla-russian-espionage-gang-hijacks-satellite-connections-to-steal-data/

By Kim Zetter
Security
Wired.com
09.09.15

IF YOU’RE A state-sponsored hacker siphoning data from targeted computers, the last thing you want is for someone to locate your command-and-control server and shut it down, halting your ability to communicate with infected machines and steal data.

So the Russian-speaking spy gang known as Turla have found a solution to this—hijacking the satellite IP addresses of legitimate users to use them to steal data from other infected machines in a way that hides their command server. Researchers at Kaspersky Lab have found evidence that the Turla gang has been using the covert technique since at least 2007.

Turla is a sophisticated cyber-espionage group, believed to be sponsored by the Russian government, that has for more than a decade targeted government agencies, embassies, and militaries in more than 40 countries, including Kazakhstan, China, Vietnam, and the US, but with a particular emphasis on countries in the former Eastern Bloc. The Turla gang uses a number of techniques to infect systems and steal data, but for some of its most high-profile targets, the group appears to use a satellite-based communication technique to help hide the location of their command servers, according to Kaspersky researchers.

Ordinarily, hackers will lease a server or hack one to use as a command station, sometimes routing their activity through multiple proxy machines to hide the location of the command server. But these command-and-control servers can still often be traced to their hosting provider and taken down and seized for forensic evidence.

[…]