Russian APT group Turla hijacked an Iranian APT to carry out cyberattacks.

On October 21, 2019, the National Security Agency (NSA) and the UK’s National Cyber Security Centre (NCSC) released a joint report stating that Russian hacking group Turla hacked into the infrastructure of an Iranian threat actor, APT34, to carry out cyberattacks on dozens of targets. Turla is also known as Waterbug, Snake, WhiteBear, and VENOMOUS BEAR.

According to the NCSC, Turla compromised APT34's infrastructure. It used the same techniques APT34 used to carry out attacks on organizations belonging to government, military, technology, energy, and commercial sectors. Besides that, Turla also identified infected servers in more than 35 countries, including Saudi Arabia, Kuwait, Qatar, and the UAE. Once the infected servers were identified, Turla leveraged APT34's hijacked malware to establish its own presence on the victims’ networks.


In June of 2019, Symantec first reported evidence of the attacks that Turla had carried out in January of the previous year. Paul Chichester, the NCSC’s director of operations, said: “Identifying those responsible for attacks can be very difficult, but the weight of evidence points towards the Turla group being behind this campaign. We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them.”



© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.