
23 matches found

The Hacker News
added 2024/12/04 5:23 p.m., 8 views

Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities

The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, firs...

7.2 AI score
Exploits 0
hivepro
added 2024/05/17 6:17 a.m., 23 views

LunarWeb and LunarMail: The Secret Weapons of the Turla APT

...

7.3 AI score
Exploits 0
Talos Blog
added 2024/02/22 1:0 p.m., 20 views

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed...

7.8 AI score
Exploits 0
Talos Blog
added 2024/02/15 1:0 p.m., 22 views

TinyTurla Next Generation - Turla APT spies on Polish NGOs

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor we're calling "TinyTurla-NG" (TTNG) is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation. Talos...

8.3 AI score
Exploits 0
Malwarebytes
added 2023/10/05 12:0 p.m., 52 views

2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions

MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection. The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat (APT) group with victims in over ...

6.9 AI score
Exploits 0
The Hacker News
added 2021/09/27 1:35 p.m., 33 views

Russian Turla APT Group Deploying New Backdoor on Targeted Systems

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware...

1.7 AI score
Exploits 0
ThreatPost
added 2021/09/21 4:2 p.m., 26 views

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group aka Snake, Venomous Bear,...

7.5 AI score
Exploits 0, References 17
Securelist
added 2021/05/31 10:0 a.m., 532 views

IT threat evolution Q1 2021

Targeted attacks: Putting the A into APT. In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company's Orion IT, a solution for monitoring and managing customers' IT infrastructure, was compromised by threat actors. This resulte...

10 CVSS, 0.6 AI score, 0.99999 EPSS
Exploits 68
ThreatPost
added 2021/01/11 5:53 p.m., 42 views

SolarWinds Hack Potentially Linked to Turla APT

New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor...

7.3 AI score
Exploits 0, References 18
Securelist
added 2021/01/11 10:0 a.m., 87 views

Sunburst backdoor – code overlaps with Kazuar

Introduction. On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...

7.4 AI score
Exploits 0
ThreatPost
added 2020/05/26 3:28 p.m., 46 views

Turla APT Revamps One of Its Go-To Spy Tools

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla (a.k.a. Snake, Venomous Bear, Waterbug or Uroboros), is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...

7.9 AI score
Exploits 0, References 6
The Hacker News
added 2020/05/26 9:36 a.m., 53 views

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still ...

0.1 AI score
Exploits 0
The Hacker News
added 2020/05/15 9:43 a.m., 63 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware, traced to Turla APT with "medium-to-low level of confidence"...

0.3 AI score
Exploits 0
ThreatPost
added 2020/05/14 8:59 p.m., 44 views

Innovative Spy Trojan Targets European Diplomatic Targets

A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa...

7.5 AI score
Exploits 0, References 6
Schneier on Security
added 2019/10/10 6:49 p.m., 66 views

New Reductor Nation-State Malware Compromises TLS

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining...

1 AI score
Exploits 0
ThreatPost
added 2019/07/15 8:55 p.m., 129 views

Turla APT Returns with New Malware, Anti-Censorship Angle

The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The...

Exploits 0, References 9
ThreatPost
added 2019/05/09 2:49 p.m., 87 views

Researchers in the Dark on Powerful LightNeuron Malware for Years

LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers, has flown under the radar since at least 2014, despite being the malware linchpin at the center of several targeted campaigns. A fresh analysis of the recently uncovered code shows that it’s the first publicl...

7.8 AI score
Exploits 0, References 6
ThreatPost
added 2018/10/04 7:14 p.m., 20 views

Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

MONTREAL – The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for...

0.2 AI score
Exploits 0, References 14
ThreatPost
added 2017/08/30 3:18 p.m., 15 views

Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies

A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and Sou...

7.1 AI score
Exploits 0, References 4
ThreatPost
added 2017/04/03 12:9 p.m., 19 views

Russian-Speaking Turla Joins APT Elite

SINT MAARTEN—In the waning moments of his 2016 talk at the Security Analyst Summit, Thomas Rid had a drop-the-mic moment when he disclosed there were likely links between the infamous Moonlight Maze cyberespionage operation of the mid- and late-1990s and the modern-day Turla APT. Today during thi...

Exploits 0, References 9