Space hackers: Russian-speaking group uses satellites to steal data, experts say

A group of sophisticated Russian-speaking hackers is exploiting commercial satellites to siphon sensitive data from diplomatic and military agencies in the United States and in Europe as well as to mask their location, a security firm said in a new report.
The group, which some researchers refer to as Turla, after the name of the malicious software it uses, also has targeted government organisations, embassies and companies in Russia, China and dozens of other countries, as well as research groups and pharmaceutical firms, said Stefan Tanase, senior security researcher at Kaspersky Lab, a Moscow-based cybersecurity firm with analysts around the world.
Turla has used this technique for at least eight years, which reflects a degree of sophistication and creativity generally not seen among advanced hacker groups, Tanase said.
“For us, it was very surprising,” he said in a phone interview from Bucharest, Romania. “We’ve never seen a malicious operation that hijacked satellite” connections to obtain data and to cover its tracks. “This is the first group that we believe has done it. It allows you to achieve a much greater level of anonymity.”
Although Kaspersky has not linked Turla to the Russian government, other security firms have done so.
The Turla malware originated from a “sophisticated Russian-government-affiliated” hacker group that “we call Venomous Bear”, said Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, an Irvine, California-based cybersecurity technology firm.
Turla specializes in diplomatic and military targets in the United States, Europe, the Middle East and Central Asia to gain political and strategic intelligence, he said. Turla is not the Russian group that is believed to have hacked the State Department, White House and Pentagon over the past year, Alperovitch said. That group was dubbed Cozy Bear by CrowdStrike.