British and United States officials said on October 21 that Russian hackers took advantage of an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while pretending to be attackers from the Islamic State. The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of the Russian security services, used Iranian tools and computer infrastructure to hack into organizations in nearly 20 different countries over the last 18 months.
UK and US intelligence agencies exposed the Turla group's attack in a publication issued jointly by the UK's National Cyber Security Centre and the US National Security Agency. It also revealed that the majority of the Turla group's victims were in the Middle East and that the group even viewed documents extracted from various sectors as well as governments. The group used implants derived from the suspected Iran-based hacking groups' previous campaigns, such as 'Neuron' and 'Nautilus.' Further, in order to acquire similar tools, the Russian group also compromised the suspected Iran-based group itself.
Paul Chichester, the NCSC director of operations, said, “Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign. We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them. Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims.”
According to the official release by the NCSC, the Turla group is also referred to as Waterbug or Venomous Bear. It regularly collects information by targeting military, government, technology, energy and commercial organizations. Turla used the Neuron and Nautilus implants and an ASPX-based backdoor alongside the Snake rootkit. The document provides an update on the reported activity, with a particular focus on how those tools were used in the period leading up to, and following, the publication of those advisories.