It sounds funny but it is actually a pretty slick trick.
From Bleeping Computer, December 4:
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks.
Using this tactic, Turla (aka "Secret Blizzard") accessed networks Storm-0156 had previously breached, like in Afghan and Indian government organizations, and deployed their malware tools.
According to a report from Lumen's Black Lotus Labs, which tracked this campaign since January 2023 with the help of Microsoft's Threat Intelligence Team, the Turla operation has been underway since December 2022.
Turla (aka Secret Blizzard) is a Russian state-sponsored hacking group linked to Center 16 of Russia's Federal Security Service (FSB), the unit responsible for the interception, decoding, and collection of data from foreign targets.
The threat actors have a long history of secretive cyber-espionage campaigns targeting governments, organizations, and research facilities worldwide since at least 1996.
They are the suspects behind cyberattacks targeting the U.S. Central Command, the Pentagon and NASA, several Eastern European Ministries of Foreign Affairs, as well as the Finnish Foreign Ministry.
More recently, the Five Eyes disrupted Turla's "Snake" cyber espionage malware botnet, used to compromise devices, steal data, and hide on breached networks.....
....MUCH MORE
