National Security Agency, NCSC Publish Advisory on Russian Government-Associated Threat

The US’s National Security Agency (NSA) and UK’s National Cyber Security Centre (NCSC) released a joint Cybersecurity Advisory detailing the activities of the Russian government-associated advanced persistent threat (APT) Turla group, also known as Uroburos, Waterbug, or VENOMOUS BEAR.

According to the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC), the advisory provides an update to previous NCSC reports of the group’s use of Iranian APT tools, such as Neuron and Nautilus, in their cyber operations against military establishments, government departments, universities, and scientific organizations, mainly in the Middle East.

Since November 2017, the NCSC has identified a new version of the Neuron malware. The new version has been modified to evade previous detection methods, says the NCSC. "Neuron operates on Microsoft Windows platforms, primarily targeting mail servers and web servers. The NCSC has observed this tool being used by the Turla group to maintain persistent network access and to conduct network operations. The compile times contained within these new binaries show that the actor implemented the required modifications to Neuron approximately five days after public releases by the NCSC and other vendors."

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.