114 matches found
Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan.Win32.DarkNeuron.gen Vulnerability: Named...
Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" — The Hacker News
Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service (DDoS) attacks against Russian sites. Google Threat Analysis Group (TAG) attributed the malware to Turla,...
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers
A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various...
New Russian Android Malware Tracks GPS Location and Spies on Victims
By Waqas The culprit behind this malware is Turla, a Russia State-Sponsored group known for previous high-profile malware attacks against… This is a post from HackRead.com Read the original post: New Russian Android Malware Tracks GPS Location and Spies on Victims...
Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers
An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server...
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware...
Threat Source newsletter (Sept. 23, 2021)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. The Russian APT Turla is one of the most notorious threat actors out there today. And they aren't stopping, recently adding a new backdoor to their arsenal that serves as a "last chance" to retain a foothold on victim... This is on...
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
News summary: Cisco Talos recently discovered a new backdoor used by the Russian Turla APT group. We have seen infections in the U.S., Germany and, more recently, in Afghanistan. It is likely used as a stealth second-chance backdoor to keep access to infected devices. It can be used to download,...
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group aka Snake, Venomous Bear,...
IT threat evolution Q1 2021
Targeted attacks: Putting the A into APT. In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company's Orion IT, a solution for monitoring and managing customers' IT infrastructure, was compromised by threat actors. This resulte...
The SolarWinds Hackers Shared Tricks With a Russian Spy Group
Security researchers have found links between the attackers and Turla, a sophisticated team suspected of operating out of Moscow’s FSB intelligence agency...
SolarWinds Hack Potentially Linked to Turla APT
New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor...
Researchers Find Links Between Sunburst and Russian Kazuar Malware
Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain. In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that...
Sunburst backdoor – code overlaps with Kazuar
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...
Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools –...
Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla aka Venomous Bear or Snake, a...
CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In...
Russian Espionage Group Updates Custom Malware Suite
The advanced persistent threat (APT) known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla a.k.a. Ouroboros, Snake, Venomous Bear or Waterbug is a...