Turla group activity report prepared by NSA and NCSC
The NSA (National Security Agency) of the United States and the NCSC (National Cyber Security Centre) of the United Kingdom have published a joint notice on the APT (Advanced Persistent Threat) of the Turla group, also known as Snake, Uroburos, VENEMOUS BEAR, or Waterbug.
The notice provides an update to the NCSC report released in January 2018 on Turla's use of the malicious tools Neuron, Nautilus and Snake to steal confidential data.
In addition, the communiqué states that Turla has committed, and is currently exploiting, the infrastructure and resources of an Iranian group of APT 34, which include the tools of Neuron and Nautilus. According to Symantec, APT 34 are also known by the nicknames HELIX, KITTEN and OilRig.
References:
- 21/10/2019 us-cert.gov NSA and NCSC Release Joint Advisory on Turla Group Activity
- 21/10/2019 media.defense.gov Turla Group Exploits Iranian APT To Expand Coverage Of Victims
- 21/10/2019 ncsc.gov.uk Advisory: Turla group exploits Iranian APT to expand coverage of victims
- 09/01/2018 incibe-cert.es El grupo Turla ataca de nuevo