IRON HUNTER
SUMMARY
The IRON HUNTER (also known as Turla) threat group primarily targets government, diplomatic and military organizations, including ministries of foreign affairs and embassies. It operates and maintains a large set of sophisticated malware, including the Snake rootkit, Agent.BTZ/ComRAT, Mosquito, and LightNeuron. CTU researchers assess with high confidence that IRON HUNTER is operated by a Russian intelligence service, and with moderate confidence that IRON HUNTER is operated by the FSB.
IRON HUNTER tactics include strategic web compromises, themed spearphishing lures, fake software update files, and the use of satellite communication hijacking for command and control. In 2019, the U.K. National Cyber Security Centre (NCSC) reported that the Neuron and Nautilus tools, previously linked in public reporting to IRON HUNTER, were instead very likely Iranian in origin, and had been acquired and operated by IRON HUNTER against targets predominantly in the Middle East. The NCSC also reported that IRON HUNTER had used Iranian web shells and COBALT GYPSY's PoisonFrog C2 administration panels to deliver its own malware.