NSA and NCSC Release Joint Advisory on Turla Group Activity

["US-CERT" <US-CERT () ncas us-cert gov>]

Cybersecurity and Infrastructure Security Agency Logo

National Cyber Awareness System:



NSA and NCSC Release Joint Advisory on Turla Group Activity [ 
https://www.us-cert.gov/ncas/current-activity/2019/10/21/nsa-and-ncsc-release-joint-advisory-turla-group-activity ] 
10/21/2019 11:56 AM EDT 
Original release date: October 21, 2019

The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint 
advisory [ https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF ] 
on advanced persistent threat (APT) group Turlawidely reported to be Russian. The advisory provides an update to NCSCs 
January 2018 report [ https://www.ncsc.gov.uk/news/turla-group-malware ] on Turlas use of the malicious Neuron, 
Nautilus, and Snake tools to steal sensitive data. Additionally, the advisory states that Turla has compromisedand is 
currently leveragingan Iranian APT groups infrastructure and resources, which include the Neuron and Nautilus tools.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following 
resources for more information:
 NSA Advisory Turla Group Exploits Iranian APT To Expand Coverage Of Victims [ 
https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_TURLA_20191021%20VER%203%20-%20COPY.PDF ]
 UK NCSC Advisory Turla group exploits Iranian APT to expand coverage of victims [ 
https://www.ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims ]
 January 2018 UK NCSC Report Turla Group Malware [ https://www.ncsc.gov.uk/news/turla-group-malware ]

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]