Front Companies And Cyber Hacking

Eye Spy Intelligence Magazine|Issue 125

Exposed Russian undercover Cyber Cells in Europe identified by GCHQ and NSA

Michal Koudelka, Director of the Czech Security and Information Service (BIS), has revealed his counterespionage section has uncovered a Russian spy network operating in Prague since at least 2017. Whilst he said information on the operation could not be disclosed until approved for publication in its annual report, the activities of the Russian special services were now discontinued. “The network was completely destroyed and decimated,” said Koudelka.

Intelligence sources in the Czech Republic believe the Russian operation, reportedly carried out by undercover FSB agents, involves at least two private computer and software companies.

OILRIG AND TURLA

The endeavour is being linked to a Russian cyber group called Turla (sometimes referred to as Venomous Bear and Waterbug). British cyber counter-intelligence officers recently disclosed the group had essentially hacked into an operational Iranian cyber outfit codenamed OilRig, believed to be part of MOIS (Ministry of Intelligence and Security) and responsible for two earlier cyber operations codenamed Neuron and Nautilus.

The British investigation began in 2017 and uncovered the “piggyback” engagement which targeted a UK academic institution.

According to intelligence sources, the Russians discovered OilRig was investigating possible backdoors into systems of around 35 countries, many in the Middle East. Once compromised, Turla then expanded its search across Europe. Officials said the covert action was “double-edged”, in that Turla was using Iranian tools to both infiltrate systems and then hide behind them. “If a compromise was discovered, users would believe the Iranians were responsible,” a source said. “Iran was oblivious of Turla’s presence.”

The information targeted was held by governments, military bodies, technology, energy and commercial companies.

The UK’s National Cyber Security Centre (NCSC), the protective element of GCHQ, did not specifically confirm the Russian Government was behind the action. Paul Chichester, Director of Operations NCSC, said: “Turla acquired access to Iranian tools and had the ability to identify and exploit them to further their own aims. We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities are a match for them and we can identify them.”

Intelligence watchers have long known Turla is controlled by Russian Intelligence.

NSA officials, who joined with GCHQ to help expose the ruse, were a little more open, and some pointed the finger of blame at Russia. Other intelligence commentators believe the endeavour is but part of a wider international spy network with operational cells functioning elsewhere in Europe and North America.
