![Russian Cyber Spies Commandeer Pakistani Hackers' Network in Audacious Double-Hack](https://mlkmisyfyt7n.i.optimole.com/cb:QnOd.1c245/w:auto/h:auto/q:mauto/ig:avif/https://clickcontrol.com/wp-content/uploads/2024/12/b73d338b92_enhanced.jpg)
Turla, linked to Russia’s FSB, accessed networks previously compromised by Storm-0156, including those of Afghan and Indian government organizations. They deployed various malware tools, including:
– TinyTurla backdoor variant
– TwoDash backdoor
– Statuezy clipboard monitor
– MiniPocket downloader
Key targets included:
– Afghan Ministry of Foreign Affairs
– General Directorate of Intelligence
– Afghan government consulates
– Indian military and defense institutions
By mid-2023, Turla had infiltrated Storm-0156’s workstations, gaining access to the group’s malware tools (CrimsonRAT and Wainscot) and its stolen data. This strategy allows Turla to:
– Gather intelligence stealthily
– Avoid direct attribution
– Shift blame to other actors
This isn’t Turla’s first such operation – they previously exploited Iranian group OilRig’s infrastructure (2019) and Andromeda malware victims in Ukraine (2022). Lumen is now blocking all traffic from known command-and-control infrastructure on its network.