Turla group using updated Neuron malware
released on 2018-01-18 @ 10:49:42 PM
In November 2017, the NCSC released an advisory highlighting the Turla Group’s use of the tools Neuron and Nautilus.1
Since then, the NCSC has identified a new version of the Neuron malware. The new version has been modified to evade previous detection methods.
Neuron operates on Microsoft Windows platforms, primarily targeting mail servers and web servers. The NCSC has observed this tool being used by the Turla group to maintain persistent network access and to conduct network operations.
The compile times contained within these new binaries show that the actor implemented the required modifications to Neuron approximately five days after public releases by the NCSC and other vendors.
This NCSC report provides new intelligence on the Neuron malware, a tool used by the Turla group to target the UK. It contains IOCs and signatures to be used for network monitoring and detection.