On October 21, the US National Security Agency and the UK National Cyber Security Centre announced that the Russia-based Turla group had compromised the infrastructure of the Iranian hacking group APT34. “Turla accessed and used the Command and Control (C2) infrastructure of Iranian APTs to deploy their own tools to victims of interest. Turla directly accessed ‘Poison Frog’ C2 panels from their own infrastructure and used this access to task victims to download additional tools.”
After the successful intrusion, Turla obtained APT34's victim list, access credentials for the targeted systems, and the source code of several pieces of malware. By modifying that source code, Turla could issue commands to the malware from its own C&C servers. To date, APT34 has attacked entities in 35 countries using the stolen Neuron and Nautilus malware.
Turla and APT34 are understood to be tacitly backed by the Russian and Iranian governments, respectively. APT34 is also known as OilRig; the group has been active since 2014, and its main targets are critical infrastructure in the finance, energy, telecommunications, and chemical sectors. Both the Russian and Iranian governments have denied the cyberattack allegations.