Turla (Russia): US and UK officials have reported that Russian threat actor Turla has been piggybacking off the infrastructure put in place by Iranian threat actor APT34. By doing this, the group was able to disguise its attacks and trick victims into thinking APT34 was behind them. Turla was originally accused by Estonian and Czech authorities of operating on behalf of the FSB, Russia’s main intelligence agency. Turla has allegedly been using Iranian tools to target over 20 different countries in the past 18 months. US and UK officials stated that there was no evidence of the two groups colluding in the attacks. Threat actors work in a crowded space and are bound to run into one another at some point. In this case, Russia found Iranian infrastructure, gained access to use it, and tried to pass itself off as Iran. Ultimately, it was discovered that Russia was behind the attacks, and one official stated that all false flag operations will eventually be exposed. By having access to the Iranian infrastructure, Turla was able to take control of APT34’s command and control servers and deploy its own malware from there, masking the attacks it was carrying out. Turla also gained access to APT34’s victims’ networks and had access to Iranian malware builders to create malware that could be passed off as Iranian code.