Russian President Vladimir Putin and Iranian President Hassan Rouhani at a meeting in Armenia in early October. Photo: Mikhail Metzel/TASS via Getty Images

U.S. and U.K. intelligence agencies confirmed Monday that the Russian espionage hacker group Turla used tools and infrastructure from Iranian espionage group OilRig, likely without the Iranian group's knowledge.

Why it matters: Moves like this can sometimes confound efforts to understand who exactly has spied on what. And, by monitoring malware implanted by Iran, Turla saved itself the effort of hacking targets directly.

  • The backdrop: OilRig traditionally spies on Middle Eastern targets. Turla, whose operations are more global in nature, is only known by the NSA and NCSC to have used OilRig malware when spying on Middle Eastern targets.

Details: An investigation by the NSA and the U.K.'s lead cybersecurity intelligence agency concluded that malware Turla has used since at least 2017 was "very likely Iranian in origin," according to a report released by the U.K.'s National Cyber Security Centre.

  • OilRig was "almost certainly not aware of, or complicit with, Turla’s use of their implants," according to the report.
  • More than just re-appropriating malware, it appears Turla piggy-backed on OilRig's control infrastructure and even used the malware implanted by the OilRig hackers to do its own espionage.
  • Turla's use of OilRig hacking infrastructure was first reported by Symantec in June.
  • The NSA and NCSC are the first to note that the malware tools Nautilus and Neuron, once thought to be from Turla, are actually from Iran.

The bottom line: In one fell swoop, the Western allies have left egg on the faces of both Iran and Russia, two key rivals in the cyber domain.
