Russian hacker group exploits satellites to steal data, hide tracks

Coverage Type: 

A group of sophisticated Russian-speaking hackers is exploiting commercial satellites to siphon sensitive data from diplomatic and military agencies in the United States and in Europe as well as to mask their location, a security firm said in a new report. The group, which some researchers refer to as Turla, after the name of the malicious software it uses, also has targeted government organizations, embassies and companies in Russia, China and dozens of other countries, as well as research groups and pharmaceutical firms, said Stefan Tanase, senior security researcher at Kaspersky Lab, a Moscow-based cybersecurity firm with analysts around the world.

Turla has used this technique for at least eight years, which reflects a degree of sophistication and creativity generally not seen among advanced hacker groups, Tanase said. The Turla malware originated from a “sophisticated Russian-government-affiliated” hacker group that “we call Venomous Bear,” said Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike.


Russian hacker group exploits satellites to steal data, hide tracks