- Joined
- May 15, 2016
- Messages
- 13,951
- Likes
- 2,643
- Points
- 1,730
The US National Security Agency (NSA) and the UK National Cybersecurity Center (NCSC) warned https://www.ncsc.gov.uk/news/turla-g...age-of-victims that the Russian-speaking group Turla (aka Waterbug , Snake, WhiteBear, VENOMOUS BEAR and Kypton) actively pretend to be Iranian hackers, using their infrastructure to attack the countries of the Middle East.
According to experts, Turla adapted for its purposes the previously used tools of Iranian hackers, Neuron and Nautilus, and also seized their infrastructure through a hacked account. Turla participants then tried to gain access to government systems, military organizations, and universities in 35 countries in the Middle East (goals in at least 20 countries were successfully compromised). Moreover, according to the NSA and NCSC, Iranian hackers do not cooperate with Turla and, most likely, did not know about the hack at all.
After stealing Iranian tools, hackers tested them against organizations that had already been hacked using their Snake toolkit before searching for new victims.
Let me remind you that the Turla side reported the compromise of the Iranian hack group APT34 (also Oilrig, HelixKitten and Crambus) by Turla last summer https://xakep.ru/2019/06/21/turla-oilrig/ by Symantec.