Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities
The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022. The activity, firs...
LunarWeb and LunarMail: The Secret Weapons of the Turla APT
...
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed...
TinyTurla Next Generation - Turla APT spies on Polish NGOs
Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor, which we're calling "TinyTurla-NG" (TTNG), is similar to Turla's previously disclosed implant, TinyTurla, in coding style and functionality implementation. Talos...
2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions
MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection. The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat (APT) group with victims in over ...
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware...
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they've spotted infections they attributed to the Turla group, aka Snake, Venomous Bear,...
IT threat evolution Q1 2021
Targeted attacks: Putting the A into APT. In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company's Orion IT, a solution for monitoring and managing customers' IT infrastructure, was compromised by threat actors. This resulte...
SolarWinds Hack Potentially Linked to Turla APT
New details on the Sunburst backdoor used in the sprawling SolarWinds supply-chain attack potentially link it to previously known activity by the Turla advanced persistent threat (APT) group. Researchers at Kaspersky have uncovered several code similarities between Sunburst and the Kazuar backdoor...
Sunburst backdoor – code overlaps with Kazuar
Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named...
Turla APT Revamps One of Its Go-To Spy Tools
The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla, a.k.a. Snake, Venomous Bear, Waterbug or Uroboros, is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...
New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still ...
HTTP Status Codes Command This Malware How to Control Hacked Systems
A new version of the COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware, traced to Turla APT with "medium-to-low level of confidence",...
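The summary above only says that the implant takes its orders from HTTP status codes. The following is an added illustration, not code from the page or from Kaspersky's COMpfun analysis: the status-to-command table, the `Response` type and the proxy log lines are all constructed here as assumptions to show the general shape of such a channel (the instruction rides in the status line, so the body can be empty and payload-inspection signatures see nothing) and one heuristic a defender can run over proxy logs to surface it.

```python
"""HTTP-status-code command channel, plus a proxy-log heuristic to spot it.

Added example. COMMANDS is a hypothetical mapping chosen for illustration;
the real implant's mapping is not given on this page.
"""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical mapping: the status line carries the instruction. The codes
# are all valid HTTP but rarely seen by a browser in bulk, which is what the
# detection side keys on.
COMMANDS = {
    422: "uninstall",
    423: "install_persistence",
    424: "propagate_to_removable_media",
    427: "sleep",
    428: "collect_fingerprint",
    429: "exfiltrate_staged_data",
}


@dataclass
class Response:
    status: int
    body: bytes = b""  # body is irrelevant to the implant; it may be filler


def dispatch(resp: Response) -> str:
    """Return the command the implant would run for one C2 response.

    Any status not in the table (e.g. a plain 200) means "nothing to do",
    so most of the beaconing looks like ordinary, successful traffic.
    """
    return COMMANDS.get(resp.status, "idle")


def run_session(responses):
    """Walk a sequence of C2 responses and return the commands in order."""
    return [dispatch(r) for r in responses]


# --- Detection side -------------------------------------------------------
# Constructed proxy log lines (not real data): client server status bytes_out
SAMPLE_LOG = """\
10.0.0.5 cdn.example.net 200 51234
10.0.0.5 cdn.example.net 200 8831
10.0.0.7 update.example.org 423 0
10.0.0.7 update.example.org 427 0
10.0.0.7 update.example.org 427 0
10.0.0.7 update.example.org 428 0
10.0.0.7 update.example.org 429 0
10.0.0.9 api.example.com 404 120
10.0.0.9 api.example.com 200 2048
"""

# Status codes a normal client sees routinely; anything else is "unusual".
COMMON_STATUSES = {200, 204, 301, 302, 304, 400, 401, 403, 404, 500, 502, 503}


def parse_log(text):
    """Parse the constructed four-column log into (client, server, status, size)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, server, status, size = line.split()
        rows.append((client, server, int(status), int(size)))
    return rows


def suspicious_pairs(rows, min_requests=4, min_unusual_ratio=0.75):
    """Flag (client, server) pairs dominated by unusual status codes with empty bodies.

    A real browser session is mostly 2xx/3xx with content; a status-code C2
    loop is a run of odd 4xx codes whose responses carry no body at all.
    """
    per_pair = defaultdict(list)
    for client, server, status, size in rows:
        per_pair[(client, server)].append((status, size))

    flagged = []
    for pair, observations in per_pair.items():
        if len(observations) < min_requests:
            continue
        unusual = sum(1 for s, n in observations
                      if s not in COMMON_STATUSES and n == 0)
        if unusual / len(observations) >= min_unusual_ratio:
            flagged.append(pair)
    return flagged


if __name__ == "__main__":
    print(run_session([Response(423), Response(200, b"ok"), Response(429)]))
    print(suspicious_pairs(parse_log(SAMPLE_LOG)))
```

The thresholds (`min_requests`, `min_unusual_ratio`) are starting points to tune against your own baseline; the point of the heuristic is that it needs nothing from the response body, exactly the part of the exchange this channel keeps empty.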
Innovative Spy Trojan Targets European Diplomatic Targets
A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa...
New Reductor Nation-State Malware Compromises TLS
Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with a hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlying...
Turla APT Returns with New Malware, Anti-Censorship Angle
The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The...
Researchers in the Dark on Powerful LightNeuron Malware for Years
LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers, has flown under the radar since at least 2014, despite being the malware linchpin at the center of several targeted campaigns. A fresh analysis of the recently uncovered code shows that it’s the first publicl...
Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets
MONTREAL – The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for...
Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies
A toolset belonging to the Russian-speaking Turla APT has been publicly disclosed, and along with it details on its capabilities and indicators of compromise. The tools, called WhiteBear, were used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and Sou...
Russian-Speaking Turla Joins APT Elite
SINT MAARTEN—In the waning moments of his 2016 talk at the Security Analyst Summit, Thomas Rid had a drop-the-mic moment when he disclosed there were likely links between the infamous Moonlight Maze cyberespionage operation of the mid- and late-1990s and the modern-day Turla APT. Today during thi...