The United Kingdom’s National Cyber Security Centre (NCSC) has released a security advisory and intelligence report on the Turla cyber threat group that targets government, military, technology, energy and commercial organizations.
According to the NCSC, Turla is using Neuron and Nautilus malicious tools that are designed to run on Microsoft Windows platforms, primarily targeting mail servers and web servers.
Both of these tools are used to provide persistent network access in order to compromise networks/systems used to gather intelligence and steal sensitive data. These tools are similar to another malicious tool, Snake rootkit, the group has been using for years.
As part of the advisory, the NCSC also provided guidance organizations can use to detect Neuron and Nautilus infections as well.