Britain’s National Cyber Security Center and the U.S.’s National Security Agency (NSA) released a report about the activities of Turla, a Russian hacker group, on Monday. Turla was accused of stealing cyberattack tools from Iran and attacking government and industry organizations in at least 20 different countries over the last 18 months.
Iranian APT group’s tools were stolen
According to the British officials, the hacking campaign, of a never-before-seen extent, primarily targeted organizations and entities in the Middle East, but Britain was also affected. In this campaign, Turla used Iranian cyberattack tools and infrastructure. Turla was described as an advanced persistent threat group with suspected ties to the Russian government since at least 2014.
It was estimated that the stolen tools and infrastructure are connected with the Iranian APT group known as OilRig, HelixKitten, and Crambus. This group was suspected to have ties with the Iranian government. Its target list, mostly focused on the Middle East, also includes victims globally.
The target is the Middle East
OilRig’s tools include Neuron, Nautilus, and Snake. According to NCSC, most of OilRig’s targets were located in the Middle East, including military establishments, government departments, scientific organizations, and universities.
Security firm Symantec first released a report about Turla’s attacks in June. It was reported that Waterbug, another alias of Turla, attacked using OilRig’s infrastructure, delivering malware through OilRig’s PoisonFrog control panel.