New advisory from the UK’s NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.
A new report from the United Kingdom’s National Cyber Security Center (NCSC) shows that the Russia-backed cyber espionage group Turla has carried out more attacks than previously thought using infrastructure and malware hijacked from Iranian threat group APT34.
The NCSC recently analyzed data pertaining to Turla’s use of three malware tools — Neuron, Nautilus, and an ASPX-based backdoor — in attacks targeted at UK organizations. The tools are designed for attackers to steal data and maintain persistence on Windows networks.
The NCSC has previously noted Turla’s use of these tools in intelligence-gathering operations targeting organizations in the technology, military, energy, and government sectors. But it had not until now connected the tools to APT34 (aka OilRig, Crambus) – though Symantec did so in a report back in June.
Read the full story here including Cymulate’s thoughts on how this could lead to further attack options: